Version 1
: Received: 8 April 2019 / Approved: 11 April 2019 / Online: 11 April 2019 (05:45:55 CEST)
Version 2
: Received: 24 December 2020 / Approved: 25 December 2020 / Online: 25 December 2020 (11:35:48 CET)
How to cite:
Radanliev, P.; Charles De Roure, D.; R.C. Nurse, J.; Burnap, P.; Anthi, E.; Uchenna, A.; Maddox, L.; Santos, O.; Mantilla Montalvo, R. Cyber Risk Management for the Internet of Things. Preprints2019, 2019040133. https://doi.org/10.20944/preprints201904.0133.v1
Radanliev, P.; Charles De Roure, D.; R.C. Nurse, J.; Burnap, P.; Anthi, E.; Uchenna, A.; Maddox, L.; Santos, O.; Mantilla Montalvo, R. Cyber Risk Management for the Internet of Things. Preprints 2019, 2019040133. https://doi.org/10.20944/preprints201904.0133.v1
Radanliev, P.; Charles De Roure, D.; R.C. Nurse, J.; Burnap, P.; Anthi, E.; Uchenna, A.; Maddox, L.; Santos, O.; Mantilla Montalvo, R. Cyber Risk Management for the Internet of Things. Preprints2019, 2019040133. https://doi.org/10.20944/preprints201904.0133.v1
APA Style
Radanliev, P., Charles De Roure, D., R.C. Nurse, J., Burnap, P., Anthi, E., Uchenna, A., Maddox, L., Santos, O., & Mantilla Montalvo, R. (2019). Cyber Risk Management for the Internet of Things. Preprints. https://doi.org/10.20944/preprints201904.0133.v1
Chicago/Turabian Style
Radanliev, P., Omar Santos and Rafael Mantilla Montalvo. 2019 "Cyber Risk Management for the Internet of Things" Preprints. https://doi.org/10.20944/preprints201904.0133.v1
Abstract
The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment need to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model. The main contributions from this paper represent a transformation roadmap for standardisation of IoT risk impact assessment; and transformation design imperatives describing how IoT companies can achieve their target state based on their current state with a Goal-Oriented approach. Verified by epistemological analysis defining a unified cyber risk assessment approach. These can be used for calculating the economic impact of cyber risk; for international cyber risk assessment approach; for quantifying cyber risk; and for planning for impact of cyber-attacks, e.g. cyber insurance. The new methods presented in this paper for applying the roadmap include: IoT Risk Analysis through Functional Dependency; Network-based Linear Dependency Modelling; IoT risk impact assessment with a Goal-Oriented Approach; and a correlation between the Goal-Oriented Approach and the IoTMM model.
Keywords
functional dependency; network-based linear dependency modelling; Internet of Things; Micro Mart model; goal-oriented approach; transformation roadmap; cyber risk regulations; empirical analysis; cyber risk self-assessment; cyber risk target state
Subject
Engineering, Industrial and Manufacturing Engineering
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
,
,
,
,
,
,
,
,
