Nowadays, our society is increasingly becoming economically and socially dependent on the cyberspace. However, the cyberspace is exposed to numerous risks, and there is a constant threat of exploitable vulnerabilities, which could cause significant reputational and economic damages. For addressing these threats, the Italian National Cyber Security Framework was developed to offer an approach to assessing cyber risks into organizations, as well as to help improve the related security through focused investments. Still, this evaluation is not a straightforward endeavour. Using the principles of the Systems Thinking paradigm, this work puts into causal relationships the self-assessment risk-categories by associating them to the various aspects of an organization structure used as a case study (composed of business areas and process). Finally, it presents a systemic causal-effect relationship map capable of evidencing how a change in one or more categories could impact other security-related elements of the company. © 2018 John Wiley & Sons, Ltd.
Towards the Definition of a Dynamic and Systemic Assessment for Cybersecurity Risks / Armenia, S.; Ferreira Franco, E.; Nonino, F.; Spagnoli, E.; Medaglia, C. M.. - In: SYSTEMS RESEARCH AND BEHAVIORAL SCIENCE. - ISSN 1092-7026. - 36:4(2019), pp. 404-423. [10.1002/sres.2556]
Towards the Definition of a Dynamic and Systemic Assessment for Cybersecurity Risks
Armenia S.
;Ferreira Franco E.;Nonino F.;Medaglia C. M.
2019
Abstract
Nowadays, our society is increasingly becoming economically and socially dependent on the cyberspace. However, the cyberspace is exposed to numerous risks, and there is a constant threat of exploitable vulnerabilities, which could cause significant reputational and economic damages. For addressing these threats, the Italian National Cyber Security Framework was developed to offer an approach to assessing cyber risks into organizations, as well as to help improve the related security through focused investments. Still, this evaluation is not a straightforward endeavour. Using the principles of the Systems Thinking paradigm, this work puts into causal relationships the self-assessment risk-categories by associating them to the various aspects of an organization structure used as a case study (composed of business areas and process). Finally, it presents a systemic causal-effect relationship map capable of evidencing how a change in one or more categories could impact other security-related elements of the company. © 2018 John Wiley & Sons, Ltd.File | Dimensione | Formato | |
---|---|---|---|
Armenia_Towards_2019.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
1.66 MB
Formato
Adobe PDF
|
1.66 MB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.