| From ICT Framework Compliance to Quantitative Risk Assessment: An Example of Methodology using Risk Scenarios | |
|---|---|
| Author | |
| Abstract | Cybersecurity is largely based on the use of frameworks (ISO27k, NIST, etc.) whose main objective is compliance with the standard. They do not, however, address the quantification of the risk deriving from a threat scenario. This paper proposes a methodology that, having evaluated the overall capability of the controls of an ISO27001 framework, allows one to select those that mitigate a threat scenario and to evaluate the risk according to a Cybersecurity Risk Quantification model. |
| Year of Publication | 2023 |
| Date Published | October |
| URL | https://ieeexplore.ieee.org/document/10330350 |
| DOI | 10.23919/AEIT60520.2023.10330350 |