IoT cyber risk: a holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process
EURASIP Journal on Information Security (IF 2.5), Pub Date: 2020-05-26, DOI: 10.1186/s13635-020-00111-0
Kamalanathan Kandasamy, Sethuraman Srinivas, Krishnashree Achuthan, Venkat P. Rangan

Security vulnerabilities of the modern Internet of Things (IoT) systems are unique, mainly due to the complexity and heterogeneity of the technology and data. The risks born out of these IoT systems cannot easily fit into an existing risk framework. There are many cybersecurity risk assessment approaches and frameworks that are under deployment in many governmental and commercial organizations. Extending these existing frameworks to IoT systems alone will not address the new risks that have arisen in the IoT ecosystem. This study has included a review of existing popular cyber risk assessment methodologies and their suitability to IoT systems. National Institute of Standards and Technology, Operationally Critical Threat, Asset, and Vulnerability Evaluation, Threat Assessment & Remediation Analysis, and International Standards Organization are the four main frameworks critically analyzed in this research study. IoT risks are presented and reviewed in terms of the IoT risk category and impacted industries. IoT systems in financial technology and healthcare are dealt with in detail, given their high-risk exposure. Risk vectors for IoT and the Internet of Medical Things (IoMT) are discussed in this study. A unique risk ranking method to rank and quantify IoT risk is introduced in this study. This ranking method initiates a risk assessment approach exclusively for IoT systems by quantifying IoT risk vectors, leading to effective risk mitigation strategies and techniques. A unique computational approach to calculate the cyber risk for IoT systems with IoT-specific impact factors has been designed and explained in the context of IoMT systems.

Updated: 2020-05-26