Cyber-Risks in the Industrial Internet of Things (IIoT): Towards a Method for Continuous Assessment

Autor: Carolina Adaros Boye, Paul Kearney, Mark B. Josephs
Rok vydání: 2018
Předmět:
Zdroj: Developments in Language Theory ISBN: 9783319986531
ISC
DOI: 10.1007/978-3-319-99136-8_27
Popis: Continuous risk monitoring is considered in the context of cybersecurity management for the Industrial Internet-of-Thing. Cyber-risk management best practice is for security controls to be deployed and configured in order to bring down risk exposure to an acceptable level. However, threats and known vulnerabilities are subject to change, and estimates of risk are subject to many uncertainties, so it is important to review risk assessments and update controls when required. Risks are typically reviewed periodically (e.g. once per month), but the accelerating pace of change means that this approach is not sustainable, and there is a requirement for continuous monitoring of cybersecurity risks. The method described in this paper aims to alert security staff of significant changes or trends in estimated risk exposure to facilitate rational and timely decisions. Additionally, it helps predict the success and impact of a nascent security breach allowing better prioritisation of threats and selection of appropriate responses. The method is illustrated using a scenario based on environmental control in a data centre.
Databáze: OpenAIRE