Abstract
Introduction
Related works
Integrated cybersecurity risk management (i-CSRM)
Integrated cyber security risk management tool (i-CSRMT)
Evaluation of i-CSRM
Discussion
Conclusion
Declarations
References
Abstract
Cyber security risk management plays an important role for today’s businesses due to the rapidly changing threat landscape and the existence of evolving sophisticated cyber attacks. It is necessary for organisations, of any size, but in particular those that are associated with a critical infrastructure, to understand the risks, so that suitable controls can be taken for the overall business continuity and critical service delivery. There are a number of works that aim to develop systematic processes for risk assessment and management. However, the existing works have limited input from threat intelligence properties and evolving attack trends, resulting in limited contextual information related to cyber security risks. This creates a challenge, especially in the context of critical infrastructures, since attacks have evolved from technical to socio-technical and protecting against them requires such contextual information. This research proposes a novel integrated cyber security risk management (i-CSRM) framework that responds to that challenge by supporting systematic identification of critical assets through the use of a decision support mechanism built on fuzzy set theory, by predicting risk types through machine learning techniques, and by assessing the effectiveness of existing controls. The framework consists of a language and a process, and is supported by an automated tool. This paper also reports on the evaluation of our work in a real case study of a critical infrastructure. The results show that, by using fuzzy set theory to assess asset criticality, our work supports stakeholders towards effective risk management by assessing the criticality of each asset. In addition, the results have shown the exemplary performance of machine learning classifiers in predicting different risk types, including denial of service, cyber espionage and crimeware.
Introduction
Critical infrastructures (CIs), such as energy and healthcare, heavily rely on Information and Communication Technology (ICT) to support reliable service delivery. Such integration of ICT into CIs introduces a number of advantages, such as a higher degree of flexibility, scalability and efficiency in the communication and coordination of advanced services and processes. On the other hand, the increased usage of ICT in CIs creates new opportunities for cyber attacks and increases the vulnerability of those systems. Due to the importance of critical infrastructures, there has recently been an increased number of attacks that are evolving in terms of sophistication, persistence and the resources that attackers have available. Such attacks consider not just the technical limitations of the relevant technologies but also the contextual information related to the critical infrastructure.
Despite several existing works on cybersecurity risk management, the literature fails to present works that consider such contextual information when performing risk management for critical infrastructures. Moreover, existing works focus more on the prediction of risks and do not consider, as part of the same process, the necessary controls that mitigate those risks. Our work advances the state of the art through the integration of cyber threat intelligence (CTI) into the risk management process, to understand contextual information related to the threat actor’s behaviour, tactics, techniques and procedures (TTP) and indicators. Moreover, it provides a unified process that integrates both risk prediction and risk mitigation with the aid of machine learning.
Conclusion
Risk management is a continuous process for maintaining the effective functioning of critical assets in any organisational context. In particular, critical infrastructures need resilience for service delivery, and risk management is an essential component in achieving this. The threat landscape is constantly evolving with new techniques and more sophisticated organised attacks. Therefore, it is necessary for the risk management activities to consider the threat context to assess and manage the risks. This research proposes the integrated cyber security risk management framework (i-CSRM) that adopts various existing standards and cyber threat intelligence data for risk management. i-CSRM also includes machine learning (ML) models to predict the risk types so that organisations can undertake the necessary proactive measures to tackle the risks. The framework also includes tool support to automate some of the risk management activities. Finally, i-CSRM is applied in a CI-based industrial context and the results of applying the framework are very promising. Specifically, the studied context was able to identify and assess risks using i-CSRM and determine the right level of control for the overall business continuity. The participants’ observation is that i-CSRM is a practical approach for risk management, and that the integration of CTI makes the risk management activities more effective. We believe that the proposed i-CSRM framework, its process and supporting tool will significantly impact the cybersecurity domain and the state of the art in general. The i-CSRM framework focuses only on the supervised learning method, which requires a labelled dataset. As a part of our future research, we would like to deploy i-CSRM in different CI contexts and implement different data sets for the risk type prediction. Additionally, it is necessary to develop a checklist to make the process easy to use for risk assessment and management.