An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure-Reference-Cited by-同舟云学术

An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure

Published:2024-06-09 Issue:2 Volume:4 Page:357-381
ISSN:2624-800X
Container-title:Journal of Cybersecurity and Privacy
language:en
Short-container-title:JCP

Author:

El Amin Habib¹²³,Samhat Abed Ellatif²^ORCID,Chamoun Maroun¹,Oueidat Lina²,Feghali Antoine³

Affiliation:

1. CIMTI, Faculty of Engineering, University of Saint Joseph, Beirut 1104, Lebanon

2. Centre de Recherche Scientifique en Ingénierie (CRSI), Faculty of Engineering, Lebanese University, Hadath 1533, Lebanon

3. Potech Labs, P.O.TECH, Beirut 1107, Lebanon

Abstract

Emerging cyber threats’ sophistication, impact, and complexity rapidly evolve, confronting organizations with demanding challenges. This severe escalation requires a deeper understanding of adversary dynamics to develop enhanced defensive strategies and capabilities. Cyber threat actors’ advanced techniques necessitate a proactive approach to managing organizations’ risks and safeguarding cyberspace. Cyber risk management is one of the most efficient measures to anticipate cyber threats. However, it often relies on organizations’ contexts and overlooks adversaries, their motives, capabilities, and tactics. A new cyber risk management framework incorporating emergent information about the dynamic threat landscape is needed to overcome these limitations and bridge the knowledge gap between adversaries and security practitioners. Such information is the product of a cyber threat intelligence process that proactively delivers knowledge about cyber threats to inform decision-making and strengthen defenses. In this paper, we overview risk management and threat intelligence frameworks. Then, we highlight the necessity of integrating cyber threat intelligence and assessment in cyber risk management. After that, we propose a novel risk management framework with integrated threat intelligence on top of EBIOS Risk Manager. Finally, we apply the proposed framework in the scope of a national telecommunications organization.

Publisher

MDPI AG

Link

https://www.mdpi.com/2624-800X/4/2/18/pdf

Reference55 articles.

1. IBM (2024, May 31). Cost of a Data Breach Report 2023. Available online: https://www.ibm.com/security/digital-assets/cost-data-breach-report/.

2. The nature of losses from cyber-related events: Risk categories and business sectors;Shevchenko;J. Cybersecur.,2023

3. How can organizations develop situation awareness for incident response: A case study of management practice;Ahmad;Comput. Secur.,2021

4. Verizon (2024, May 31). 2024 Data Breach Investigations Report. Available online: https://enterprise.verizon.com/resources/reports/dbir/.

5. Gartner (2024, May 31). Forecast: Information Security and Risk Management, Worldwide, 2021–2027, 2Q23 Update. Available online: https://www.gartner.com/en/documents/4488199.