A Conceptual Framework for the Design of a Nationwide Cyber-Risk Monitoring System

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2018
Authors:
Ebot Ebot Enaw, Djoursoubo Pagou Prosper
10.5120/ijca2018917849

Ebot Ebot Enaw and Djoursoubo Pagou Prosper. A Conceptual Framework for the Design of a Nationwide Cyber-Risk Monitoring System. International Journal of Computer Applications 181(17):40-47, September 2018.

@article{10.5120/ijca2018917849,
	author = {Ebot Ebot Enaw and Djoursoubo Pagou Prosper},
	title = {A Conceptual Framework for the Design of a Nationwide Cyber-Risk Monitoring System},
	journal = {International Journal of Computer Applications},
	issue_date = {September 2018},
	volume = {181},
	number = {17},
	month = {Sep},
	year = {2018},
	issn = {0975-8887},
	pages = {40-47},
	numpages = {8},
	url = {http://www.ijcaonline.org/archives/volume181/number17/29917-2018917849},
	doi = {10.5120/ijca2018917849},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

In recent years, our society has become more dependent on the Internet and ICT in almost every domain (finance, health, education, etc.), making them a major driver of economic growth. However, with the wide adoption of ICT and the Internet, new threats called cybercrimes have emerged in cyberspace, and they figure among the key risk factors of companies and governments.

Due to the complexity of the components of those risks, it is very difficult for top management to get an effective assessment of the risk induced by IT. This in turn jeopardizes the allocation of budget to IT and cybersecurity as well as the prioritization of their related initiatives.

In this light, a system for automating risk assessment and monitoring is highly needed.

This paper proposes an architecture for a system that automates the collection and centralization of cyber-risk factors nationwide. The aim is to provide governments and private companies, especially those of developing countries, with an affordable solution for real-time monitoring of the risk level incurred by their information systems, and to give a nationwide insight into cyber risks.

The novelty of this architecture is that it does not only capture the risks related to individual asset vulnerabilities, as other frameworks such as CVSS do. It also proposes an XML schema that captures the risks related to asset vulnerabilities and their attack surface, as well as the risks related to attack scenarios that require combining breaches of several assets.

This article is structured as follows: section 1 introduces the article, section 2 presents some concepts and works related to the topic covered by the article, section 3 states the problem, section 4 specifies the article's contribution to research, section 5 presents the solution and section 6 presents a case study.

Keywords

Risk, vulnerability, attack surface.