Nicht aus der Schweiz? Besuchen Sie lehmanns.de

Cyber-Risk Management (eBook)

eBook Download: PDF
2015 | 1st ed. 2015
XI, 145 Seiten
Springer International Publishing (Verlag)
978-3-319-23570-7 (ISBN)

Lese- und Medienproben

Cyber-Risk Management - Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
Systemvoraussetzungen
74,89 inkl. MwSt
(CHF 73,15)
Der eBook-Verkauf erfolgt durch die Lehmanns Media GmbH (Berlin) zum Preis in Euro inkl. MwSt.
  • Download sofort lieferbar
  • Zahlungsarten anzeigen

This book provides a brief and general introduction to cybersecurity and cyber-risk assessment. Not limited to a specific approach or technique, its focus is highly pragmatic and is based on established international standards (including ISO 31000) as well as industrial best practices. It explains how cyber-risk assessment should be conducted, which techniques should be used when, what the typical challenges and problems are, and how they should be addressed.

The content is divided into three parts. First, part I provides a conceptual introduction to the topic of risk management in general and to cybersecurity and cyber-risk management in particular. Next, part II presents the main stages of cyber-risk assessment from context establishment to risk treatment and acceptance, each illustrated by a running example. Finally, part III details four important challenges and how to reasonably deal with them in practice: risk measurement, risk scales, uncertainty, and low-frequency risks with high consequence.

The target audience is mainly practitioners and students who are interested in the fundamentals and basic principles and techniques of security risk assessment, as well as lecturers seeking teaching material. The book provides an overview of the cyber-risk assessment process, the tasks involved, and how to complete them in practice.



Atle Refsdal is a senior research scientist at SINTEF ICT in Norway, where he is involved in international as well as national research projects. His research interests include formal specification and analysis, as well as model-based risk analysis. In addition to his academic background he also has several years of industrial experience from the fields of knowledge engineering and industrial automation.

Ketil Stølen has broad experience from basic research as well as applied research. He has led the development of the CORAS method since the very beginning and was the technical manager of the related EU-project. Since then, he has led several research projects funded by the Research Council of Norway which considerably refined and extended the original CORAS approach. A book on the CORAS method supported by a free tool was published in 2011.

Bjørnar Solhaug is a senior research scientist at SINTEF ICT in Norway. His research interests include risk and security management, threat and risk modelling, and formal/semi-formal techniques. He is one of the co-authors of the book on the CORAS approach to model-driven risk analysis (Springer 2011).

Atle Refsdal is a senior research scientist at SINTEF ICT in Norway, where he is involved in international as well as national research projects. His research interests include formal specification and analysis, as well as model-based risk analysis. In addition to his academic background he also has several years of industrial experience from the fields of knowledge engineering and industrial automation.Ketil Stølen has broad experience from basic research as well as applied research. He has led the development of the CORAS method since the very beginning and was the technical manager of the related EU-project. Since then, he has led several research projects funded by the Research Council of Norway which considerably refined and extended the original CORAS approach. A book on the CORAS method supported by a free tool was published in 2011.Bjørnar Solhaug is a senior research scientist at SINTEF ICT in Norway. His research interests include risk and security management, threat and risk modelling, and formal/semi-formal techniques. He is one of the co-authors of the book on the CORAS approach to model-driven risk analysis (Springer 2011).

Preface 6
Contents 8
Acronyms 12
1Introduction 13
1.1 Aim and Emphasis 14
1.2 Policy of Writing and Presentation 14
1.3 Structure and Organization 15
1.3.1 Part I: Conceptual Introduction 15
1.3.2 Part II: Cyber-risk Assessment Exemplified 16
1.3.3 Part III: Known Challenges 16
1.4 Intended Readers and Ways to Read 17
1.5 Relevant Standards 18
Part IConceptual Introduction 19
2Risk Management 20
2.1 What is Risk? 20
2.2 What is Risk Management? 23
2.3 Communication and Consultation 24
2.3.1 Establish a Consultative Team 25
2.3.2 Define a Plan for Communication and Consultation 25
2.3.3 Ensure Endorsement of the Risk Management Process 25
2.3.4 Communicate Risk Assessment Results 26
2.4 Risk Assessment 26
2.4.1 Context Establishment 26
2.4.2 Risk Identification 29
2.4.3 Risk Analysis 31
2.4.4 Risk Evaluation 32
2.4.5 Risk Treatment 32
2.5 Monitoring and Review 33
2.5.1 Monitoring and Review of Risks 34
2.5.2 Monitoring and Review of Risk Management 34
2.6 Further Reading 35
3Cyber-systems 36
3.1 What is a Cyberspace? 36
3.2 What is a Cyber-system? 37
3.3 Further Reading 37
4Cybersecurity 39
4.1 What is Cybersecurity? 39
4.2 How Does Cybersecurity Relate to Information Security? 40
4.3 How Does Cybersecurity Relate to Critical Infrastructure Protection? 40
4.4 How Does Cybersecurity Relate to Safety? 41
4.5 Further Reading 42
5Cyber-risk Management 43
5.1 What is Cyber-risk? 43
5.2 Communication and Consultation of Cyber-risk 44
5.3 Cyber-risk Assessment 45
5.3.1 Context Establishment for Cyber-risk 47
5.3.2 Identification of Malicious Cyber-risk 47
5.3.3 Identification of Non-malicious Cyber-risk 50
5.3.4 Analysis of Cyber-risk 52
5.3.5 Evaluation of Cyber-risk 53
5.3.6 Treatment of Cyber-risk 54
5.4 Monitoring and Review of Cyber-risk 55
5.4.1 Monitoring and Review of Cyber-risk 56
5.4.2 Monitoring and Review of Cyber-risk Management 56
5.5 Further Reading 57
Part IICyber-risk Assessment Exemplified 58
6Context Establishment 59
6.1 Context, Goals, and Objectives 59
6.1.1 External Context 60
6.1.2 Internal Context 60
6.1.3 Goals and Objectives 60
6.2 Target of Assessment 61
6.2.1 Electricity Customer 62
6.2.2 Distribution System Operator 62
6.2.3 Communication Channels Between Components 63
6.3 Interface to Cyberspace and Attack Surface 63
6.4 Scope, Focus, and Assumptions 64
6.4.1 Scope 64
6.4.2 Focus 64
6.4.3 Assumptions 65
6.5 Assets, Scales, and Risk Evaluation Criteria 65
6.5.1 Assets 65
6.5.2 Likelihood Scale 66
6.5.3 Consequence Scales 66
6.5.4 Risk Evaluation Criteria 67
6.6 Further Reading 68
7Risk Identification 69
7.1 Risk Identification Techniques 69
7.2 Malicious Risks 72
7.2.1 Threat Source Identification 73
7.2.2 Threat Identification 74
7.2.3 Vulnerability Identification 76
7.2.4 Incident Identification 78
7.3 Non-malicious Risks 81
7.3.1 Incident Identification 83
7.3.2 Vulnerability Identification 84
7.3.3 Threat Identification 85
7.3.4 Threat Source Identification 87
7.4 Further Reading 88
8Risk Analysis 89
8.1 Threat Analysis 89
8.1.1 Malicious Threats 90
8.1.2 Non-malicious Threats 91
8.2 Vulnerability Analysis 92
8.2.1 Malicious Threat Vulnerabilities 93
8.2.2 Non-malicious Threat Vulnerabilities 93
8.3 Likelihood of Incidents 94
8.4 Consequence of Incidents 96
8.5 Further Reading 97
9Risk Evaluation 98
9.1 Consolidation of Risk Analysis Results 98
9.2 Evaluation of Risk Level 99
9.3 Risk Aggregation 99
9.4 Risk Grouping 102
9.5 Further Reading 103
10Risk Treatment 104
10.1 Risk Treatment Identification 104
10.1.1 Malicious Risks 104
10.1.2 Non-malicious Risks 106
10.2 Risk Acceptance 108
10.3 Further Reading 110
Part III Known Challenges and How to AddressThem in Practice 111
11Which Measure of Risk Level to Use? 112
11.1 Two-factor Measure 112
11.2 Three-factor Measure 113
11.3 Many-factor Measure 114
11.4 Which Measure to Use for Cyber-risk? 115
11.5 Further Reading 115
12What Scales Are Best Suited Under What Conditions? 116
12.1 Classification of Scales 116
12.2 Qualitative Versus Quantitative Risk Assessment 117
12.3 Scales for Likelihood 119
12.4 Scales for Consequence 120
12.5 What Scales to Use for Cyber-risk? 120
12.6 Further Reading 121
13How to Deal with Uncertainty? 122
13.1 Conceptual Clarification 122
13.2 Kinds of Uncertainty 123
13.3 Representing Uncertainty 124
13.4 Reducing Uncertainty 125
13.5 How to Handle Uncertainty for Cyber-risk? 126
13.6 Further Reading 126
14High-consequence Risk with Low Likelihood 127
14.1 Dealing with Black Swans 127
14.2 Identifying Gray Swans 128
14.3 Communicating Gray Swans 129
14.4 Dealing with Gray Swans 130
14.5 Recognizing Gray Swans in Cyberspace 130
14.6 Further Reading 131
15Conclusion 132
15.1 WhatWe Have Put Forward in General 132
15.2 WhatWe Have Put Forward in Particular 133
15.3 WhatWe Have not Covered 134
Glossary 135
References 138
Index 142

Erscheint lt. Verlag 1.10.2015
Reihe/Serie SpringerBriefs in Computer Science
SpringerBriefs in Computer Science
Zusatzinfo XI, 145 p. 32 illus.
Verlagsort Cham
Sprache englisch
Themenwelt Mathematik / Informatik Informatik
Wirtschaft Betriebswirtschaft / Management Logistik / Produktion
Wirtschaft Betriebswirtschaft / Management Wirtschaftsinformatik
Schlagworte application security • ISO 31000 • probability and statistics • Quality Control, Reliability, Safety and Risk • risk analysis • risk managment • software development • Systems Security
ISBN-10 3-319-23570-2 / 3319235702
ISBN-13 978-3-319-23570-7 / 9783319235707
Haben Sie eine Frage zum Produkt?
PDFPDF (Wasserzeichen)
Größe: 2,0 MB

DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasser­zeichen und ist damit für Sie persona­lisiert. Bei einer missbräuch­lichen Weiter­gabe des eBooks an Dritte ist eine Rück­ver­folgung an die Quelle möglich.

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seiten­layout eignet sich die PDF besonders für Fach­bücher mit Spalten, Tabellen und Abbild­ungen. Eine PDF kann auf fast allen Geräten ange­zeigt werden, ist aber für kleine Displays (Smart­phone, eReader) nur einge­schränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.

Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Grundlagen – Use-Cases – unternehmenseigene KI-Journey

von Ralf T. Kreutzer

eBook Download (2023)
Springer Fachmedien Wiesbaden (Verlag)
CHF 41,95