TY - JOUR KW - Critical Infrastructure KW - cyber risk assessment KW - Cybersecurity KW - E-MAF KW - ECHO project KW - essential services KW - interdependencies AU - Todor Tagarev AU - Salvatore Pappalardo AU - Nikolai Stoianov AB -
The increasing reliance on digital infrastructures makes whole sectors of the economy and public services vulnerable to attacks through cyberspace. Some progress has been made in understanding vulnerabilities and ways of reducing cyber risk at the sub-sectoral level. While the sectoral level remains a significant challenge, this study goes beyond, also addressing cyber risk resulting from the cross- and multi-sectoral interdependencies in a consistent logical model. The paper presents the scope of this logical model, outlines the problem of risk assessment, structured around the triplet “Threats – Vulnerabilities – Impact,” and the structuring of risk mitigation around types of risk reduction measures, the objective of decision-making on risk treatment, and the modalities of application. We provide examples of the implementation of the logical model, underlying the ECHO Multi-sector Assessment Framework, and conclude by emphasising the advantages the logical model and the framework provide.
BT - Information & Security: An International Journal DA - 2020 DO - https://doi.org/10.11610/isij.4701 IS - 1 N2 -The increasing reliance on digital infrastructures makes whole sectors of the economy and public services vulnerable to attacks through cyberspace. Some progress has been made in understanding vulnerabilities and ways of reducing cyber risk at the sub-sectoral level. While the sectoral level remains a significant challenge, this study goes beyond, also addressing cyber risk resulting from the cross- and multi-sectoral interdependencies in a consistent logical model. The paper presents the scope of this logical model, outlines the problem of risk assessment, structured around the triplet “Threats – Vulnerabilities – Impact,” and the structuring of risk mitigation around types of risk reduction measures, the objective of decision-making on risk treatment, and the modalities of application. We provide examples of the implementation of the logical model, underlying the ECHO Multi-sector Assessment Framework, and conclude by emphasising the advantages the logical model and the framework provide.
PY - 2020 SE - 13 SP - 13 EP - 26 T2 - Information & Security: An International Journal TI - A Logical Model for Multi-Sector Cyber Risk Management VL - 47 ER -