Abstract
The paper presents the analysis of national and foreign literature on the methods of cybersecurity risk assessment including critical infrastructure facilities. It is stated that cybersecurity and risk assessment are an important issue of critical infrastructure facilities. The paper proposes graphical and analytical methods for assessing the total cybersecurity risk of I&C systems including critical infrastructure facilities. These total risk assessment methods are based on determining the maximum values of consequences for each risk. It is shown that the maximum values of cyber threat effects can be determined by expert means, as the maximum losses that can be caused to the company assets. The proposed methods make it possible to determine the total cybersecurity risk of critical infrastructure, the total losses due to multiple cyber threats, the total losses due to a single cyber threat for a certain period of time, the likelihood of maximum losses due to multiple cyber threats. There are the advantages of these methods for assessing total risk. Based on the proposed methods, it is possible to develop a methodology for assessing the cybersecurity risks of I&C systems including critical infrastructure facilities, and build decision support systems for the application of risk reduction measures. The economic feasibility of applying these or other risk treatment measures, both organizational and technical, is defined by evaluating the cost of such measures with the maximum amount of losses due to the total risk.
Publisher
State Scientific and Technical Center for Nuclear and Radiation Safety
Subject
Safety, Risk, Reliability and Quality,Nuclear Energy and Engineering
Cited by
14 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献