
Risk and the Five Hard Problems of Cybersecurity.

TLDR
This perspectives article addresses risk in cyber defense, identifies opportunities to incorporate risk analysis principles into the cybersecurity field, and proposes approaches to address these objectives.
Abstract
This perspectives article addresses risk in cyber defense and identifies opportunities to incorporate risk analysis principles into the cybersecurity field. The Science of Security (SoS) initiative at the National Security Agency seeks to further and promote interdisciplinary research in cybersecurity. SoS organizes its research into the Five Hard Problems (5HP): (1) scalability and composability; (2) policy-governed secure collaboration; (3) security-metrics-driven evaluation, design, development, and deployment; (4) resilient architectures; and (5) understanding and accounting for human behavior. However, a vast majority of the research sponsored by SoS does not consider risk, and when it does, it does so only implicitly. Therefore, we identify opportunities for risk analysis in each hard problem and propose approaches to address these objectives. Such collaborations between risk and cybersecurity researchers will enable growth and insight in both fields, as risk analysts may apply existing methodology in a new realm, while the cybersecurity community benefits from accepted practices for describing, quantifying, working with, and mitigating risk.


Citations

Leveraging human factors in cybersecurity: an integrated methodological approach

TL;DR: In this paper, a holistic/human factors (HF) approach is presented, where the individual, organisational and technological factors are investigated in pilot healthcare organizations to show how HF vulnerabilities may impact on cybersecurity risks.

Towards the Design of a Collaborative Cybersecurity Networked Organisation: Identification and Prioritisation of Governance Needs and Objectives

Todor Tagarev - 01 Jan 2020
TL;DR: The study aimed to identify and prioritise network governance issues and group them in four tiers, indicative of the respective priority level, to inform and orient the development of alternative models for governance of a cybersecurity network and a set of criteria for their evaluation.

Risk management for cyber-infrastructure protection: A bi-objective integer programming approach

TL;DR: The value of the stochastic model is demonstrated when a relatively high number of attacks are desired to be secured past a risk threshold and the deterministic solution provides near optimal solutions otherwise.

A Cyber-Physical Risk Assessment Approach for Internet of Things Enabled Transportation Infrastructure

TL;DR: A new risk assessment approach for cyber-physical attacks against IoT-based wireless sensor networks is proposed that relies on the identification and proposal of novel cyber-physical characteristics, in the aspect of threat source, vulnerability and types of physical impacts.