Cyber-Risks in the Industrial Internet of Things (IIoT): Towards a Method for Continuous Assessment
Autor: | Carolina Adaros Boye, Paul Kearney, Mark B. Josephs |
---|---|
Rok vydání: | 2018 |
Předmět: |
Risk analysis
Computer science Best practice 020208 electrical & electronic engineering Continuous monitoring Context (language use) 02 engineering and technology Industrial control system Security controls Continuous assessment Risk analysis (engineering) 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing Risk assessment |
Zdroj: | Developments in Language Theory ISBN: 9783319986531 ISC |
DOI: | 10.1007/978-3-319-99136-8_27 |
Popis: | Continuous risk monitoring is considered in the context of cybersecurity management for the Industrial Internet-of-Thing. Cyber-risk management best practice is for security controls to be deployed and configured in order to bring down risk exposure to an acceptable level. However, threats and known vulnerabilities are subject to change, and estimates of risk are subject to many uncertainties, so it is important to review risk assessments and update controls when required. Risks are typically reviewed periodically (e.g. once per month), but the accelerating pace of change means that this approach is not sustainable, and there is a requirement for continuous monitoring of cybersecurity risks. The method described in this paper aims to alert security staff of significant changes or trends in estimated risk exposure to facilitate rational and timely decisions. Additionally, it helps predict the success and impact of a nascent security breach allowing better prioritisation of threats and selection of appropriate responses. The method is illustrated using a scenario based on environmental control in a data centre. |
Databáze: | OpenAIRE |
Externí odkaz: |