Anglia Ruskin Research Online (ARRO)
Browse

An integrated cyber security risk management framework and risk predication for the critical infrastructure protection

Download (1.51 MB)
journal contribution
posted on 2023-08-30, 19:33 authored by Halima I. Kure, Shareeful Islam, Haralambos Mouratidis
Cyber security risk management plays an important role for today’s businesses due to the rapidly changing threat landscape and the existence of evolving sophisticated cyber attacks. It is necessary for organisations, of any size, but in particular those that are associated with a critical infrastructure, to understand the risks, so that suitable controls can be taken for the overall business continuity and critical service delivery. There are a number of works that aim to develop systematic processes for risk assessment and management. However, the existing works have limited input from threat intelligence properties and evolving attack trends, resulting in limited contextual information related to cyber security risks. This creates a challenge, especially in the context of critical infrastructures, since attacks have evolved from technical to socio-technical and protecting against them requires such contextual information. This research proposes a novel integrated cyber security risk management (i-CSRM) framework that responds to that challenge by supporting systematic identification of critical assets through the use of a decision support mechanism built on fuzzy set theory, by predicting risk types through machine learning techniques, and by assessing the effectiveness of existing controls. The framework is composed of a language, a process, and it is supported by an automated tool. The paper also reports on the evaluation of our work to a real case study of a critical infrastructure. The results reveal that using the fuzzy set theory in assessing assets' criticality, our work supports stakeholders towards an effective risk management by assessing each asset's criticality. Furthermore, the results have demonstrated the machine learning classifiers’ exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware.

History

Refereed

  • Yes

Volume

0

Issue number

0

Page range

0

Publication title

Neural Computing and Applications

ISSN

1433-3058

Publisher

Springer

File version

  • Accepted version

Language

  • eng

Legacy posted date

2022-02-04

Legacy creation date

2022-02-04

Legacy Faculty/School/Department

Faculty of Science & Engineering

Usage metrics

    ARU Outputs

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC