Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high-consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents.
Download full-text PDF |
Source |
|---|---|
| http://dx.doi.org/10.1111/risa.12844 | DOI Listing |
Publication Analysis
Top Keywords
Similar Publications
Energy-Efficient and Trust-Based Autonomous Underwater Vehicle Scheme for 6G-Enabled Internet of Underwater Things.
Sensors (Basel)
January 2025
Institute of Intelligent Manufacturing Technology, Shenzhen Polytechnic University, Shenzhen 518000, China.
This paper introduces a novel energy-efficient lightweight, void hole avoidance, localization, and trust-based scheme, termed as Energy-Efficient and Trust-based Autonomous Underwater Vehicle (EETAUV) protocol designed for 6G-enabled underwater acoustic sensor networks (UASNs). The proposed scheme addresses key challenges in UASNs, such as energy consumption, network stability, and data security. It integrates a trust management framework that enhances communication security through node identification and verification mechanisms utilizing normal and phantom nodes.
View Article and Find Full Text PDFCANGuard: An Enhanced Approach to the Detection of Anomalies in CAN-Enabled Vehicles.
Sensors (Basel)
January 2025
Department of Computer Science, College of Charleston, Charleston, SC 29424, USA.
As modern vehicles continue to evolve, advanced technologies are integrated to enhance the driving experience. A key enabler of this advancement is the Controller Area Network (CAN) bus, which facilitates seamless communication between vehicle components. Despite its widespread adoption, the CAN bus was not designed with security as a priority, making it vulnerable to various attacks.
View Article and Find Full Text PDFParallelized Field-Programmable Gate Array Data Processing for High-Throughput Pulsed-Radar Systems.
Sensors (Basel)
January 2025
Computer-Aided Design and Test (CADT) Research Group, McMaster University, Hamilton, ON L8S 4L8, Canada.
A parallelized field-programmable gate array (FPGA) architecture is proposed to realize an ultra-fast, compact, and low-cost dual-channel ultra-wideband (UWB) pulsed-radar system. This approach resolves the main shortcoming of current FPGA-based radars, namely their low processing throughput, which leads to a significant loss of data provided by the radar receiver. The architecture is integrated with an in-house UWB pulsed radar operating at a sampling rate of 20 gigasamples per second (GSa/s).
View Article and Find Full Text PDFSecurity Evaluation of Provably Secure ECC-Based Anonymous Authentication and Key Agreement Scheme for IoT.
Sensors (Basel)
January 2025
School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Republic of Korea.
The proliferation of the Internet of Things (IoT) has worsened the challenge of maintaining data and user privacy. IoT end devices, often deployed in unsupervised environments and connected to open networks, are susceptible to physical tampering and various other security attacks. Thus, robust, efficient authentication and key agreement (AKA) protocols are essential to protect data privacy during exchanges between end devices and servers.
View Article and Find Full Text PDFA Scalable Approach to Internet of Things and Industrial Internet of Things Security: Evaluating Adaptive Self-Adjusting Memory K-Nearest Neighbor for Zero-Day Attack Detection.
Sensors (Basel)
January 2025
African Centre of Excellence for Internet of Things, University of Rwanda, Kigali P.O. Box 4285, Rwanda.
The Internet of Things (IoT) and Industrial Internet of Things (IIoT) have drastically transformed industries by enhancing efficiency and flexibility but have also introduced substantial cybersecurity risks. The rise of zero-day attacks, which exploit unknown vulnerabilities, poses significant threats to these interconnected systems. Traditional signature-based intrusion detection systems (IDSs) are insufficient for detecting such attacks due to their reliance on pre-defined attack signatures.
View Article and Find Full Text PDFWant AI Summaries of new PubMed Abstracts delivered to your In-box?
Enter search terms and have AI summaries delivered each week - change queries or unsubscribe any time!