Survey and Guidelines about Learning Cyber Security Risk Assessment
Christophe Ponsard, Philippe Massonet
2022
Abstract
Risk assessment is a key part of all cyber security frameworks, standards and related certification schemes. It is a complex process involving both the business domain to assess impact and the technical domain to measure feasibility. It requires producing a realistic risk matrix based on qualitative information and then deciding on measures aligned with relevant standards. Gaining experience in this area is a difficult learning process with many possible pitfalls. In this paper, we report on our lessons learned based on a controlled experiment of 26 risk analyses across different domains including some operators of essential services. We also provide some methodological recommendations for efficient tool support, including model-based.
Paper Citation
in Harvard Style
Ponsard C. and Massonet P. (2022). Survey and Guidelines about Learning Cyber Security Risk Assessment. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 536-543. DOI: 10.5220/0010900800003120
in Bibtex Style
@conference{icissp22,
author={Christophe Ponsard and Philippe Massonet},
title={Survey and Guidelines about Learning Cyber Security Risk Assessment},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={536-543},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010900800003120},
isbn={978-989-758-553-1},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Survey and Guidelines about Learning Cyber Security Risk Assessment
SN - 978-989-758-553-1
AU - Ponsard C.
AU - Massonet P.
PY - 2022
SP - 536
EP - 543
DO - 10.5220/0010900800003120