Title | ||
---|---|---|
Using formal distributions for threat likelihood estimation in cloud-enabled IT risk assessment. |
Abstract | ||
---|---|---|
We present a quantitative business-process risk assessment methodology that utilizes formal mathematical distributions over historical data to enable better granularity and less subjective assessment on cyber-physical systems (CPS) and IT systems that use cloud services in general. The proposed methodology supports risks on asset-based processes associated with cloud computing platforms. ISO and US standards for cloud platforms are used to detect cloud-based attack vectors, threats and vulnerabilities both for CPS and traditional IT systems. Poisson distributions are proposed as a scientific means to quantify the likelihood of threat manifestation for assessing security risks. The key advantage of the presented method is its non-subjective likelihood threat estimation (contrary to current standards) and its ability to assess risk based on novel asset-based processes that fully support cloud services and CPS, which can aid stakeholders to comparatively assess the risk of using cloud services to process data. A real-world critical infrastructure was used to compare results of the presented methodology with its current security plan. |
Year | DOI | Venue |
---|---|---|
2018 | 10.1016/j.comnet.2018.01.033 | Computer Networks |
Keywords | Field | DocType |
Risk assessment, Threat likelihood, Cyber-physical systems, Cloud computing | Information technology, Computer science, Critical infrastructure, Risk assessment, Risk analysis (engineering), Poisson distribution, Granularity, IT risk management, Cloud computing, Vulnerability, Distributed computing | Journal |
Volume | Issue | ISSN |
134 | C | 1389-1286 |
Citations | PageRank | References |
1 | 0.36 | 4 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
George Stergiopoulos | 1 | 36 | 9.25 |
D. Gritzalis | 2 | 22 | 6.05 |
Vasilis Kouktzoglou | 3 | 3 | 0.81 |