Automated cyber and privacy risk management toolkit

González-Granadillo, Gustavo, Menesidou, Sofia Anna, Papamartzivanos, Dimitrios, Romeu, Ramon, Navarro-Llobet, Diana, Okoh, Caxton, Nifakos, Sokratis, Xenakis, Christos and Panaousis, Emmanouil ORCID: 0000-0001-7306-4062 (2021) Automated cyber and privacy risk management toolkit. Sensors, 21 (16):5493. ISSN 1424-8220 (doi:https://doi.org/10.3390/s21165493)

PDF (Open Access Article)
33600 PANAOUSIS_Automated_Cyber_And_Privacy_Risk_Management_Toolkit_(OA)_2021.pdf - Published Version
Available under License Creative Commons Attribution.

Abstract

Addressing cyber and privacy risks has never been more critical for organisations. While a number of risk assessment methodologies and software tools are available, it is most often the case that one must, at least, integrate them into a holistic approach that combines several appropriate risk sources as input to risk mitigation tools. In addition, cyber risk assessment primarily investigates cyber risks as the consequence of vulnerabilities and threats that threaten assets of the investigated infrastructure. In fact, cyber risk assessment is decoupled from privacy impact assessment, which aims to detect privacy-specific threats and assess the degree of compliance with data protection legislation. Furthermore, a Privacy Impact Assessment (PIA) is conducted in a proactive manner during the design phase of a system, combining processing activities and their inter-dependencies with assets, vulnerabilities, real-time threats and Personally Identifiable Information (PII) that may occur during the dynamic life-cycle of systems. In this paper, we propose a cyber and privacy risk management toolkit, called AMBIENT (AutoMated cyBer and prIvacy risk managEmeNt Toolkit) that addresses the above challenges by implementing and integrating three distinct software tools. AMBIENT not only assesses cyber and privacy risks in a thorough and automated manner but it also offers decision-support capabilities, to recommend optimal safeguards using the well-known repository of the Center for Internet Security (CIS) Controls. To the best of our knowledge, AMBIENT is the first toolkit, in the academic literature, that brings together the aforementioned capabilities. To demonstrate its use, we have created a case scenario based on information about cyber attacks we have received from a healthcare organisation, as a reference sector that faces critical cyber and privacy threats.

Item Type: Article
Uncontrolled Keywords: healthcare, cyber risk, assessment, management
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Faculty / School / Research Centre / Research Group: Faculty of Liberal Arts & Sciences
Faculty of Liberal Arts & Sciences > Internet of Things and Security (ISEC)
Faculty of Liberal Arts & Sciences > School of Computing & Mathematical Sciences (CAM)
Last Modified: 16 Sep 2021 13:40
Selected for GREAT 2016: None
Selected for GREAT 2017: None
Selected for GREAT 2018: None
Selected for GREAT 2019: None
Selected for REF2021: None
URI: http://gala.gre.ac.uk/id/eprint/33600
