Automated Cyber and Privacy Risk Management Toolkit

González-Granadillo, Gustavo; Menesidou, Sofia Anna; Papamartzivanos, Dimitrios; Romeu, Ramon; Navarro-Llobet, Diana; Okoh, Caxton; Nifakos, Sokratis; Xenakis, Christos; Panaousis, Emmanouil

doi:10.3390/s21165493

Cited by 18 publications

(8 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, the information discovered by ISADT can be used by other tools and methodologies, like the one presented in [21], to predict future incidents and identify new threat patterns in each single asset. This information can also be used to detect the cyber-security and the privacy risks in a device before an information exchange is done, as presented in [22].…”

Section: Discussionmentioning

confidence: 99%

A Trusted Platform Module-based, Pre-emptive and Dynamic Asset Discovery Tool

Díaz-Honrubia

Herranz

Santamaría

et al. 2022

Journal of Information Security and Applications

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

A Trusted Platform Module-based, Pre-emptive and Dynamic Asset Discovery Tool

Díaz-Honrubia

Herranz

Santamaría

et al. 2022

Journal of Information Security and Applications

View full text Add to dashboard Cite

“…This section presents a general overview of risk management approaches against cyber-attacks. This study identified 23 primary studies, of which two focused on mobile [153,154], six focused on IoT devices [107,[155][156][157][158]181], two focused on cyber-physical systems [168,169], four focused on either fog computing [111,160], the 5G edge-cloud ecosystem [167], or connected and autonomous vehicle (CAV) [159], and eight in general [61,93,[161][162][163][164][165][166]. Furthermore, four primary studies focused on APT [93,107,111,160], while the others are focused on either specific attacks such as DDOS attacks [181], DOS [167], SQL injections attacks [181], or privilege-induced attacks [154], or non-specific attacks [60,61,140,[155][156][157][158][159][161][162][163][164][165][166]…”

Section: Rq2: What Are the Proposed Defensive Mechanisms Available To...mentioning

confidence: 99%

“…This ever-changing threat landscape leads to a lack of a clear and comprehensive understanding of the TTP of APTs [23]. Other solutions proposed risk management approaches that focused on APTs [93,132,146] or traditional attacks [93,111,[161][162][163][164][165][166][167][168][169][170]. Most of the existing studies have focused on qualitative approaches due to their simplicity, risk appetite, and ability to evaluate risk.…”

Section: Research Gapsmentioning

confidence: 99%

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device’s behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In a conclusion, we recommended a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device’s behavior for APT mitigation.

show abstract

“…Recently, Murenin et al 55 provided an overview and comparison of the most prominent systems and approaches to design decision‐making systems and their application in heterogeneous distributed information systems, although with very wide conclusions. Emerging issues in this domain seem to be privacy risk management 56 and the use of distributed ledger technologies (e.g., blockchain) that would enable privacy‐preserving countermeasure selection 57…”

Section: Related Workmentioning

confidence: 99%

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Javorník

Husák

2022

Engineering Reports

View full text Add to dashboard Cite

We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, that is, discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, that is, how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.

show abstract

Automated Cyber and Privacy Risk Management Toolkit

Cited by 18 publications

References 52 publications

A Trusted Platform Module-based, Pre-emptive and Dynamic Asset Discovery Tool

A Trusted Platform Module-based, Pre-emptive and Dynamic Asset Discovery Tool

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Contact Info

Product

Resources

About