Working Paper Article Version 2 This version is not peer-reviewed

Dynamic Real-Time Risk Analytics of Uncontrollable States in Complex Internet of Things Systems: Cyber Risk at the Edge

Version 1 : Received: 8 April 2019 / Approved: 11 April 2019 / Online: 11 April 2019 (05:45:55 CEST)
Version 2 : Received: 24 December 2020 / Approved: 25 December 2020 / Online: 25 December 2020 (11:35:48 CET)

How to cite: Radanliev, P.; De Roure, D.; Van Kleek, M.; Burnap, P.; Anthi, E.; R.C. Nurse, J.; Santos, O.; Mantilla Montalvo, R.; Maddox, L. Dynamic Real-Time Risk Analytics of Uncontrollable States in Complex Internet of Things Systems: Cyber Risk at the Edge. Preprints 2019, 2019040133 Radanliev, P.; De Roure, D.; Van Kleek, M.; Burnap, P.; Anthi, E.; R.C. Nurse, J.; Santos, O.; Mantilla Montalvo, R.; Maddox, L. Dynamic Real-Time Risk Analytics of Uncontrollable States in Complex Internet of Things Systems: Cyber Risk at the Edge. Preprints 2019, 2019040133

Abstract

The Internet-of-Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state-of-the-art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.

Subject Areas

functional dependency; network-based linear dependency modelling; internet of things; micro mort model; goal-oriented approach; transformation roadmap; cyber risk regulations; empirical analysis; cyber risk self-assessment; cyber risk target state.

Comments (1)

Comment 1
Received: 25 December 2020
Commenter: Petar Radanliev
Commenter's Conflict of Interests: Author
Comment: Revised text and references, edited chapter structure and title.
+ Respond to this comment

We encourage comments and feedback from a broad range of readers. See criteria for comments and our diversity statement.

Leave a public comment
Send a private comment to the author(s)
Views 0
Downloads 0
Comments 1
Metrics 0


×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.