From ICT Framework Compliance to Quantitative Risk Assessment: An Example of Methodology using Risk Scenarios
Author
Abstract

Cybersecurity is largely based on the use of frameworks (ISO27k, NIST, etc.) whose main objective is compliance with the standard. They do not, however, address the quantification of the risk deriving from a threat scenario. This paper proposes a methodology that, having evaluated the overall capability of the controls of an ISO27001 framework, allows one to select those controls that mitigate a given threat scenario and to evaluate the risk according to a Cybersecurity Risk Quantification model.

Year of Publication
2023
Date Published
oct
URL
https://ieeexplore.ieee.org/document/10330350
DOI
10.23919/AEIT60520.2023.10330350