Countermeasures and their taxonomies for risk treatment in cybersecurity: A systematic mapping review

Sánchez-García, Isaac Daniel; Feliú, Tomás San; Calvo-Manzano, José A.

doi:10.1016/j.cose.2023.103170

Cited by 6 publications

(1 citation statement)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By implementing the risk management principles outlined in ISO 31000, organizations can enhance their risk management effectiveness and efficiency, bolstering their credibility and reputation among stakeholders. Compliance with the ISO 31000 standard also aids organizations in meeting the legal and regulatory requirements concerning risk management applicable in their region [30,31].…”

Section: Risk Management Principlesmentioning

confidence: 99%

Risk Management Analysis of SMK Telkom Makassar's Integrated Academic Information System in Compliance with ISO 31000 Standards

Sahibu,

Sakti,

Iskandar

2024

ISI

View full text Add to dashboard Cite

This investigation seeks to analyze the security risks associated with the Integrated Academic Information System (iGracias) application at SMK Telkom Makassar, using the ISO 31000 standards as a benchmark. The study employs the ISO 31000:2018 Information Technology Risk Management methodology, encompassing stages of risk identification, risk analysis, risk evaluation, and risk treatment. This methodology enables the researchers to ascertain that risks have been accurately identified, thoroughly analyzed, and appropriately mitigated, minimizing their potential impact on the organization. The findings reveal security issues in the iGracias application at SMK Telkom Makassar, identified through scanning with NMAP Kali Linux, which exposed several open ports, including port 21/tcp, port 22/tcp, and port 25/tcp. Consequently, these open ports present potential opportunities for unauthorized access and cyber-attacks. Moreover, the Mobile Security Framework (MobSF) test results yielded a Common Vulnerability Scoring System (CVSS) of 6.1, indicating a medium security level for the iGracias application in the Android environment. User responses revealed process risk at 84%, system security risk at 62%, and incidental risk at 57%. The outcomes of this investigation may serve as a guide in formulating and implementing strategies to uphold the security and quality of the applications in use.

show abstract

Section: Risk Management Principlesmentioning

confidence: 99%

Risk Management Analysis of SMK Telkom Makassar's Integrated Academic Information System in Compliance with ISO 31000 Standards

Sahibu,

Sakti,

Iskandar

2024

ISI

View full text Add to dashboard Cite

show abstract

CRAG: A Guideline to Perform a Cybersecurity Risk Audits

Sánchez-García,

Gilabert,

Calvo-Manzano

2023

Communications in Computer and Information Science

View full text Add to dashboard Cite

The threat of ransomware in the food supply chain: a challenge for food defence

Manning,

Kowalska

2023

Trends Organ Crim

View full text Add to dashboard Cite

In the food industry, the level of awareness of the need for food defence strategies has accelerated in recent years, in particular, mitigating the threat of ransomware. During the Covid-19 pandemic there were a number of high-profile organised food defence attacks on the food industry using ransomware, leading to imperative questions over the extent of the sector’s vulnerability to cyber-attack. This paper explores food defence through the lens of contemporary ransomware attacks in order to frame the need for an effective ransomware defence strategy at organisational and industry level. Food defence strategies have historically focused on extortion and sabotage as threats, but often in terms of physical rather than cyber-related attacks. The globalisation, digitalisation and integration of food supply chains can increase the level of vulnerability to ransomware. Ransomware is an example of an organised food defence threat that can operationalise both extortion and sabotage, but the perpetrators are remote, non-visible and often anonymous. Organisations need to adopt an effective food defence strategy that reduces the risk of a ransomware attack and can enable targeted and swift action in the event an incident occurs. Further collaboration between government and the private sector is needed for the development of effective governance structures addressing the risk of ransomware attacks. The novelty of this article lies in analysing the issue of ransomware attacks from the perspective of the food sector and food defence strategy. This study is of potential interest to academics, policy makers and those working in the industry.

show abstract

Countermeasures and their taxonomies for risk treatment in cybersecurity: A systematic mapping review

Cited by 6 publications

References 56 publications

Risk Management Analysis of SMK Telkom Makassar's Integrated Academic Information System in Compliance with ISO 31000 Standards

Risk Management Analysis of SMK Telkom Makassar's Integrated Academic Information System in Compliance with ISO 31000 Standards

CRAG: A Guideline to Perform a Cybersecurity Risk Audits

The threat of ransomware in the food supply chain: a challenge for food defence

Contact Info

Product

Resources

About