City Research Online

Abstract

A cyber risk assessment is a process of identifying, analysing, and managing potential risks to an organisation’s information assets. Its goal is to detect vulnerabilities and threats, assess their potential impact, and develop a plan to mitigate or eliminate risks. To conduct the assessment, the organisation’s current cyber security measures and practices are thoroughly reviewed to identify weaknesses and areas for improvement. The results are then used to develop a comprehensive cyber security strategy that safeguards against known and potential risks.

Despite the existence of several risk assessment techniques and tools, they may not adequately anticipate and protect against cyber threats. With attackers becoming increasingly sophisticated, they are constantly devising new tactics and techniques to breach an organisation’s defences. Security professionals may find it challenging to stay ahead of the curve and ensure the security of their systems. Furthermore, even the most advanced cyber security measures can be ineffective if implemented incorrectly. For instance, employees not trained to use security systems or systems not regularly updated and maintained can be vulnerable to attacks. The rapid pace of technological change can also make it difficult for organisations to keep up with the latest security developments and trends, creating new vulnerabilities and potential points of attack. Furthermore, to ensure a comprehensive assessment of an organisation’s cyber risks, it is crucial for risk assessment tools to be able to combine information from multiple sources, including network logs, vulnerability scans, threat intelligence feeds, and employee activity reports. If these tools cannot integrate data from various sources, they may overlook critical risks, leading to incomplete or inaccurate assessments that expose organisations to cyber attacks. Thus, despite the availability of powerful tools and techniques for cyber risk assessment, it is essential to address the limitations and challenges to safeguarding an organisation’s information assets.

The focus of this thesis is CRISES, a query-type language that enables the definition of custom risk detection models to evaluate multiple risk assessments in a pipelined manner. Additionally, CRISES allows for hybrid analysis, which combines different types of assessments to provide a comprehensive evaluation. With CRISES, users can (a) create standalone or hybrid risk detection models for various assessment types, (b) execute these models using the proposed implementation, and (c) leverage the results to evaluate the security status of the cyber system. In addition, CRISES provides impact analysis capabilities in both economic and technical terms, allowing organisations to estimate the potential cost of an attack and evaluate the potential risks or challenges associated with particular courses of action. This is made possible through the use of the proposed underlying model, which facilitates a comprehensive definition of the asset inventory by taking into account several critical factors, including the interdependencies between the assets. By adopting CRISES, organisations can significantly enhance their incident response capabilities, minimise downtime, and mitigate potential cybersecurity threats. Furthermore, the comprehensive insights provided by CRISES can be utilised by cybersecurity analysts and administrators to develop robust countermeasures against future cyber-attacks.

Publication Type:	Thesis (Doctoral)
Subjects:	Q Science > QA Mathematics > QA76 Computer software
Departments:	School of Science & Technology > Computer Science School of Science & Technology > School of Science & Technology Doctoral Theses Doctoral Theses

Export

Downloads