Yet another cybersecurity risk assessment framework
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
ORCID iD: 0000-0003-0478-9347
2023 (English)
In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, no 22, p. 1713-1729
Article in journal (Refereed) Published
Abstract [en]

IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsibles face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.

Place, publisher, year, edition, pages
2023. no 22, p. 1713-1729
Keywords [en]
Threat modeling, Enterprise IT risk, Risk assessment, Attack tree
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-219255
DOI: 10.1007/s10207-023-00713-y
ISI: 001027329600001
Scopus ID: 2-s2.0-85164669184
OAI: oai:DiVA.org:su-219255
DiVA, id: diva2:1783260
Available from: 2023-07-19 Created: 2023-07-19 Last updated: 2023-10-06 Bibliographically approved

Authority records

Hacks, Simon