Predicting Cybersecurity Risk - A Methodology for Assessments

Authors

DOI:

https://doi.org/10.56394/aris2.v2i2.23

Keywords:

Information Security, Cybersecurity, Cybercrime, ISO

Abstract

Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis.
However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations.
There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity, and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity. The model is intended to evaluate the methodological aspects of an organization and to indicate the apparent gaps that can negatively impact the organization's future management of cybersecurity incidents, and it is intended to be proactive.

Published

2022-12-30

How to Cite

[1]
D. J. Ferreira and H. São Mamede, “Predicting Cybersecurity Risk - A Methodology for Assessments”, ARIS2-Journal, vol. 2, no. 2, pp. 50–63, Dec. 2022.