Cyber-risks in the Industrial Internet of Things (IIoT): towards a method for continuous assessment.
Adaros Boye, Carolina and Kearney, Paul and Josephs, Mark (2018) Cyber-risks in the Industrial Internet of Things (IIoT): towards a method for continuous assessment. In: 21st Information Security Conference ISC 2018, 9 to 12 September, 2018, Guildford.
|
Text
Cyber-risks_in_the_Industrial_Internet_of_Things_a_method_for_continuous_assessment.pdf Download (479kB) |
Abstract
Continuous risk monitoring is considered in the context of
cybersecurity management for the Industrial Internet-of-Thing. Cyber risk management best practice is for security controls to be deployed and configured in order to bring down risk exposure to an acceptable level. However, threats and known vulnerabilities are subject to change, and estimates of risk are subject to many uncertainties, so it is important to review risk assessments and update controls when required. Risks are typically reviewed periodically (e.g. once per month), but the accelerating
pace of change means that this approach is not sustainable, and there is a requirement for continuous monitoring of cybersecurity risks.
The method described in this paper aims to alert security staff of significant changes or trends in estimated risk exposure to facilitate rational and timely decisions. Additionally, it helps predict the success and impact
of a nascent security breach allowing better prioritisation of threats and selection of appropriate responses. The method is illustrated using a scenario based on environmental control in a data centre.
| Item Type: | Conference or Workshop Item (Paper) | ||||||
|---|---|---|---|---|---|---|---|
| Additional Information: | ISBN: 9783319991368 | ||||||
| Dates: |
|
||||||
| Uncontrolled Keywords: | Internet of Things Industrial IoT Industrial Control Systems Cyber-security Control systems Risk analysis | ||||||
| Subjects: | CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science | ||||||
| Divisions: | Faculty of Computing, Engineering and the Built Environment Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology |
||||||
| Depositing User: | Carolina Adaros Boye | ||||||
| Date Deposited: | 24 Jul 2018 14:05 | ||||||
| Last Modified: | 22 Mar 2023 12:01 | ||||||
| URI: | https://www.open-access.bcu.ac.uk/id/eprint/6157 |
Actions (login required)
 |
View Item |
Tools
Tools