Title
Using formal distributions for threat likelihood estimation in cloud-enabled IT risk assessment.
Abstract
We present a quantitative business-process risk assessment methodology that utilizes formal mathematical distributions over historical data to enable better granularity and less subjective assessment on cyber-physical systems (CPS) and IT systems that use cloud services in general. The proposed methodology supports risks on asset-based processes associated with cloud computing platforms. ISO and US standards for cloud platforms are used to detect cloud-based attack vectors, threats and vulnerabilities both for CPS and traditional IT systems. Poisson distributions are proposed as a scientific means to quantify the likelihood of threat manifestation for assessing security risks. The key advantage of the presented method is its non-subjective likelihood threat estimation (contrary to current standards) and its ability to assess risk based on novel asset-based processes that fully support cloud services and CPS, which can aid stakeholders to comparatively assess the risk of using cloud services to process data. A real-world critical infrastructure was used to compare results of the presented methodology with its current security plan.
Year
2018
DOI
10.1016/j.comnet.2018.01.033
Venue
Computer Networks
Keywords
Risk assessment, Threat likelihood, Cyber-physical systems, Cloud computing
Field
Information technology, Computer science, Critical infrastructure, Risk assessment, Risk analysis (engineering), Poisson distribution, Granularity, IT risk management, Cloud computing, Vulnerability, Distributed computing
DocType
Journal
Volume
134
Issue
C
ISSN
1389-1286
Citations
1
PageRank
0.36
References
4
Authors
3
Name
Order
Citations
PageRank
George Stergiopoulos1369.25
D. Gritzalis2226.05
Vasilis Kouktzoglou330.81