The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

Alohali, Manal; Clarke, Nathan; Furnell, Steven

doi:10.14569/ijacsa.2018.091018

Cited by 4 publications

(3 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Juliadotter and Choo [119] 2015 Risk Theoretical Both Otero [120] 2015 Risk Theoretical Defender Solic et al [121] 2015 Risk Theoretical Defender Sugiura et al [122] 2015 Risk Theoretical Defender Wei et al [123] 2015 Risk Theoretical Defender You et al [75] 2015 Security Theoretical Defender Brožová et al [51] 2016 Risk Theoretical Defender Brynielsson et al [124] 2016 Awareness Theoretical Defender Granåsen and Andersson [125] 2016 Resilience Theoretical Defender Orojloo and Azgomi [126] 2016 Risk Theoretical Attacker Aiba and Hiromatsu [127] 2017 Risk Theoretical Defender Damenu and Beaumont [103] 2017 Risk Implementation Defender Ramos et al [41] 2017 Review -Defender Rass et al [52] 2017 Risk Theoretical Defender Alohali et al [128] 2018 Risk Theoretical Defender Li et al [82] 2018 Risk Theoretical Defender Morrison et al [43] 2018 Review -Both Pramod and Bharathi [129] 2018 Risk Theoretical Defender Proença and Borbinha [89] 2018 Maturity Implementation Defender Rueda and Avila [130] 2018 Risk Theoretical Defender Shokouhyar et al [104] 2018 Risk Theoretical Defender Stergiopoulos et al [131] 2018 Risk Theoretical Defender You et al [132] 2018 Maturity Theoretical Defender Akinsanya et al [133] 2019 Maturity Theoretical Defender Bharathi [134] 2019 Risk Theoretical Defender Fertig et al [135] 2019 Awareness Theoretical Defender Husák et al [31] 2019 Review -Defender Salih et al [136] 2019 Risk Theoretical Defender Cadena et al [34] 2020 Review -Defender Wirtz and Heisel [137] 2020 Risk Theoretical Defender Ganin et al [138] 2020 Risk Theoretical Defender Luh et al [90] 2020 Risk Theoretical Both Table A3. The in...…”

Section: Validation Methodsmentioning

confidence: 99%

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

et al. 2021

View full text Add to dashboard Cite

Cybersecurity threats are on the rise, and small- and medium-sized enterprises (SMEs) struggle to cope with these developments. To combat threats, SMEs must first be willing and able to assess their cybersecurity posture. Cybersecurity risk assessment, generally performed with the help of metrics, provides the basis for an adequate defense. Significant challenges remain, however, especially in the complex socio-technical setting of SMEs. Seemingly basic questions, such as how to aggregate metrics and ensure solution adaptability, are still open to debate. Aggregation and adaptability are vital topics to SMEs, as they require the assimilation of metrics into an actionable advice adapted to their situation and needs. To address these issues, we systematically review socio-technical cybersecurity metric research in this paper. We analyse aggregation and adaptability considerations and investigate how current findings apply to the SME situation. To ensure that we provide valuable insights to researchers and practitioners, we integrate our results in a novel socio-technical cybersecurity framework geared towards the needs of SMEs. Our framework allowed us to determine a glaring need for intuitive, threat-based cybersecurity risk assessment approaches for the least digitally mature SMEs. In the future, we hope our framework will help to offer SMEs some deserved respite by guiding the design of suitable cybersecurity assessment solutions.

show abstract

Section: Validation Methodsmentioning

confidence: 99%

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

et al. 2021

View full text Add to dashboard Cite

show abstract

“…In a cybersecurity concept, cyber risk is associated with the risk of operational activities in cyberspace, in which the impact can threaten the information systems and assets, the information and communication technology, devices, and peripheral technology resources, and can create damage to the tangible and intangible materials [56]. By managing information security risks, good information security practices in cybersecurity are expected to maintain reliable services by the system [57].…”

Section: A Cybersecurity Risk Assessment In Nuclear Facilitiesmentioning

confidence: 99%

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Setianingsih¹,

Pulungan²,

Putra³

et al. 2021

IJACSA

View full text Add to dashboard Cite

As strategic infrastructures, nuclear facilities are considered attractive targets for attackers to commit their malicious intention. At the same time, for efficiency, those infrastructures are increasingly implemented, equipped with, and managed by digitally computerized systems. Attackers, therefore, try to realign their attack scenarios through such cyber systems. It is crucial to understand various existing risk assessment methods for cybersecurity in nuclear facilities to prevent such attacks. Risk assessment is designed to study the nature of the originated attack threats and the consequences implied. This paper studies a series of risk assessment methods implemented for security related to cybersecurity of strategic infrastructures, including nuclear facilities. Extended from cybersecurity, the required concepts in nuclear security cover defense-in-depth, synergy of safety and security, and probabilistic safety/risk assessment. Selecting cybersecurity risk assessment methods should integrate these three essential concepts in their evaluation. This paper highlights the suitable and appropriate risk assessment methods that meet security requirements in the nuclear industry as specified in the national and international regulations.

show abstract

“…Also, it should not be forgotten that, with the growing popularity of the Internet and its services, there is an increase in information security threats, such as social engineering, malware, and hacking, of which some users may not be aware [10]. Additionally, while many different security methods, such as intrusion detection systems and antivirus software, are used to protect IT systems from different attacks, the information security threat landscape continues to rapidly evolve and attackers are putting more effort into developing sophisticated and advanced malware and hacking methods [11]. Therefore, it is evident that there is an urgency on the part of companies to take new measures to face the wide variety of forms that cyberattacks are adopting.…”

Section: Introductionmentioning

confidence: 99%

Information Security in the Banking Sector: A Systematic Literature Review on Current Trends, Issues, and Challenges

Ubaldo¹,

Barreto²,

Albines³

et al. 2023

IJSSE

View full text Add to dashboard Cite

In recent years, information security has become a very important aspect, since it creates serious trouble for organizations that do not take it into consideration. In this regard, it was detected that many entities in the banking sector experience multiple problems that are mainly related to the way in which they protect their data, so it is necessary to pay close attention to this issue. For this reason, in this investigation it was decided to carry out a systematic review of the literature, obtaining 2,787 articles through searches in electronic databases. Likewise, the PRISMA method was used, which allowed the identification of 15 relevant articles to form the synthesis of the investigation. In the same way, a bibliometric analysis was carried out, which allowed knowing the gaps in knowledge. Finally, in the conclusions emphasis is placed on several aspects; for example, it is highlighted that cybercriminals constantly attack the banking sector and it is mentioned that all the research questions posed were successfully answered.

show abstract

The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

Cited by 4 publications

References 43 publications

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Information Security in the Banking Sector: A Systematic Literature Review on Current Trends, Issues, and Challenges

Contact Info

Product

Resources

About