Research Repository

An integrated cyber security risk management framework and risk predication for the critical infrastructure protection

Kure, Halima Ibrahim and Islam, Shareeful and Mouratidis, Haralambos (2022) 'An integrated cyber security risk management framework and risk predication for the critical infrastructure protection.' Neural Computing and Applications, 34 (18). pp. 15241-15271. ISSN 0941-0643

[img] Text
After Revision_Final-Submission.pdf - Accepted Version
Restricted to Repository staff only until 2 February 2023.

Download (2MB)

Abstract

Cyber security risk management plays an important role for today’s businesses due to the rapidly changing threat landscape and the existence of evolving sophisticated cyber attacks. It is necessary for organisations, of any size, but in particular those that are associated with a critical infrastructure, to understand the risks, so that suitable controls can be taken for the overall business continuity and critical service delivery. There are a number of works that aim to develop systematic processes for risk assessment and management. However, the existing works have limited input from threat intelligence properties and evolving attack trends, resulting in limited contextual information related to cyber security risks. This creates a challenge, especially in the context of critical infrastructures, since attacks have evolved from technical to socio-technical and protecting against them requires such contextual information. This research proposes a novel integrated cyber security risk management (i-CSRM) framework that responds to that challenge by supporting systematic identification of critical assets through the use of a decision support mechanism built on fuzzy set theory, by predicting risk types through machine learning techniques, and by assessing the effectiveness of existing controls. The framework is composed of a language, a process, and it is supported by an automated tool. The paper also reports on the evaluation of our work to a real case study of a critical infrastructure. The results reveal that using the fuzzy set theory in assessing assets' criticality, our work supports stakeholders towards an effective risk management by assessing each asset's criticality. Furthermore, the results have demonstrated the machine learning classifiers’ exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware.

Item Type: Article
Uncontrolled Keywords: Cyber security risk management; Threat intelligence; Fuzzy theory; Control effectiveness; Risk prediction; Machine learning; Case study
Divisions: Faculty of Science and Health
Faculty of Science and Health > Computer Science and Electronic Engineering, School of
SWORD Depositor: Elements
Depositing User: Elements
Date Deposited: 11 Feb 2022 22:08
Last Modified: 23 Sep 2022 19:52
URI: http://repository.essex.ac.uk/id/eprint/32252

Actions (login required)

View Item View Item