Kure, Halima Ibrahim and Islam, Shareeful and Mouratidis, Haralambos (2022) An integrated cyber security risk management framework and risk predication for the critical infrastructure protection. Neural Computing and Applications, 34 (18). pp. 15241-15271. DOI https://doi.org/10.1007/s00521-022-06959-2
Abstract
Cyber security risk management plays an important role for today’s businesses due to the rapidly changing threat landscape and the existence of evolving sophisticated cyber attacks. It is necessary for organisations, of any size, but in particular those that are associated with a critical infrastructure, to understand the risks, so that suitable controls can be taken for the overall business continuity and critical service delivery. There are a number of works that aim to develop systematic processes for risk assessment and management. However, the existing works have limited input from threat intelligence properties and evolving attack trends, resulting in limited contextual information related to cyber security risks. This creates a challenge, especially in the context of critical infrastructures, since attacks have evolved from technical to socio-technical and protecting against them requires such contextual information. This research proposes a novel integrated cyber security risk management (i-CSRM) framework that responds to that challenge by supporting systematic identification of critical assets through the use of a decision support mechanism built on fuzzy set theory, by predicting risk types through machine learning techniques, and by assessing the effectiveness of existing controls. The framework is composed of a language, a process, and it is supported by an automated tool. The paper also reports on the evaluation of our work to a real case study of a critical infrastructure. The results reveal that using the fuzzy set theory in assessing assets' criticality, our work supports stakeholders towards an effective risk management by assessing each asset's criticality. Furthermore, the results have demonstrated the machine learning classifiers’ exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Cyber security risk management; Threat intelligence; Fuzzy theory; Control effectiveness; Risk prediction; Machine learning; Case study |
Divisions: | Faculty of Science and Health; Faculty of Science and Health > Computer Science and Electronic Engineering, School of |
SWORD Depositor: | Unnamed user with email elements@essex.ac.uk |
Depositing User: | Unnamed user with email elements@essex.ac.uk |
Date Deposited: | 11 Feb 2022 22:08 |
Last Modified: | 30 Oct 2024 16:57 |
URI: | http://repository.essex.ac.uk/id/eprint/32252 |
Available files
Filename: After Revision_Final-Submission.pdf