Risk Assessment Method for Insider Threats in Cyber Security: A Review

Hashim, Nurul Akmal; Abidin, Zaheera Zainal; Puvanasvaran, A. P.; Zakaria, Nurul Azma; Ahmad, Rabiah

doi:10.14569/ijacsa.2018.091119

Cited by 9 publications

(3 citation statements)

References 18 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The capability of the adversaries determines the severity level of the impact after attacks. The adversaries can consist of terrorists, criminals, extremists or demonstrators, outsider agents, and insider agents [18], [64], [44], [65], [66], with their respective capacity and capability based on their financial and technical assets. The better the capacity of the adversaries to execute the attack, the more significant is the probability of the attack succeeding.…”

Section: H Discussionmentioning

confidence: 99%

“…This method focuses on the lack of cybersecurity procedures that may lead to cybersecurity incidents originated from unintentional actions. Meanwhile, the possibility of cyberattacks involving insider threats also exists [2], [44]. A typical case of applying this method is the modernization of digital control, including I&C, which is unavoidable anymore in the nuclear industry.…”

Section: H Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Setianingsih¹,

Pulungan²,

Putra³

et al. 2021

IJACSA

View full text Add to dashboard Cite

As strategic infrastructures, nuclear facilities are considered attractive targets for attackers to commit their malicious intention. At the same time, for efficiency, those infrastructures are increasingly implemented, equipped with, and managed by digitally computerized systems. Attackers, therefore, try to realign their attack scenarios through such cyber systems. It is crucial to understand various existing risk assessment methods for cybersecurity in nuclear facilities to prevent such attacks. Risk assessment is designed to study the nature of the originated attack threats and the consequences implied. This paper studies a series of risk assessment methods implemented for security related to cybersecurity of strategic infrastructures, including nuclear facilities. Extended from cybersecurity, the required concepts in nuclear security cover defense-in-depth, synergy of safety and security, and probabilistic safety/risk assessment. Selecting cybersecurity risk assessment methods should integrate these three essential concepts in their evaluation. This paper highlights the suitable and appropriate risk assessment methods that meet security requirements in the nuclear industry as specified in the national and international regulations.

show abstract

Section: H Discussionmentioning

confidence: 99%

Section: H Discussionmentioning

confidence: 99%

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Setianingsih¹,

Pulungan²,

Putra³

et al. 2021

IJACSA

View full text Add to dashboard Cite

show abstract

“…As for the NIST method, the risk assessment process is refined into nine steps. Each step has a clear goal and all the possible approaches to accomplish the goal, which alleviates the bias brought by merely depending on participants' or security evaluator's knowledge [16].…”

Section: A Cybersecurity Risk Assessment Frameworkmentioning

confidence: 99%

Cybersecurity Risk Assessment: Modeling Factors Associated with Higher Education Institutions

Ganesen¹,

Bakar²,

Ramli³

et al. 2022

IJACSA

View full text Add to dashboard Cite

Most universities rely heavily on Information Technology (IT) to process their information and support their vision and mission. This rapid advancement in internet technology leads to increased cyberattacks in Higher Education Institutions (HEIs). To secure their infrastructure from cyberattacks, they must implement the best cybersecurity risk management approach, which involves technological and education-based solutions, to safeguard their environment. However, the main challenges in existing cybersecurity risk management approaches are limited knowledge of how organizations can determine or minimize the significance of risks. As a result, this research seeks to advance understanding to establish a risk assessment model for universities to measure and evaluate the risk in HEIs. The proposed model is based on theoretical aspects that we organized as follows: First, we review the existing cybersecurity frameworks to identify the suitability and limitation of each model. Next, we review current works on cybersecurity risk assessment in HEIs to evaluate the proposed risk assessment approaches, scope and steps. Based on the information gathered, we developed a risk assessment model. Finally, we conclude the study with directions for future research. The result presented from this study may give an insig1ht for HEIs staff to analyze what is to be assessed, how to measure the severity of the risk, and determine the level of risk acceptance, improving their decision-making on risk management.

show abstract

CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems

Shokry

Awad

Abd-Ellah

et al. 2022

Proceedings of the 8th International Conference on Advanced Intelligent Systems and Informatics 2022

View full text Add to dashboard Cite

Risk Assessment Method for Insider Threats in Cyber Security: A Review

Cited by 9 publications

References 18 publications

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Cybersecurity Risk Assessment: Modeling Factors Associated with Higher Education Institutions

CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems

Contact Info

Product

Resources

About