01590nas a2200229 4500000000100000008004100001260000900042653002800051653002600079653001800105653001000123653001700133653002300150653002200173100001800195700002500213700002100238245005900259300001000318490000700328520102500335 2020 d c202010aCritical Infrastructure10acyber risk assessment10aCybersecurity10aE-MAF10aECHO project10aessential services10ainterdependencies1 aTodor Tagarev1 aSalvatore Pappalardo1 aNikolai Stoianov00aA Logical Model for Multi-Sector Cyber Risk Management a13-260 v473 a
The increasing reliance on digital infrastructures makes whole sectors of the economy and public services vulnerable to attacks through cyberspace. Some progress has been made in understanding vulnerabilities and ways of reducing cyber risk at the sub-sectoral level. While the sectoral level remains a significant challenge, this study goes beyond, also addressing cyber risk resulting from the cross- and multi-sectoral interdependencies in a consistent logical model. The paper presents the scope of this logical model, outlines the problem of risk assessment, structured around the triplet “Threats – Vulnerabilities – Impact,” and the structuring of risk mitigation around types of risk reduction measures, the objective of decision-making on risk treatment, and the modalities of application. We provide examples of the implementation of the logical model, underlying the ECHO Multi-sector Assessment Framework, and conclude by emphasising the advantages the logical model and the framework provide.