Abstract
Risk assessment is an essential step in architecting the resilience (safety/security) of a mission-critical software-intensive system, as well as a regular maintenance procedure. It is closely related to estimating the (cyber) insurance needs of the system. Managing cyber risk involves gathering threat intelligence, prioritizing the current threats against the system of interest, and planning mitigation strategies. While reliability engineering can rely on a relatively stable set of failure modes and statistical data on their probabilities of occurrence, security deals with a dynamic threat environment. This reality has dictated the use of qualitative methods (like STRIDE and DREAD), which rely on the experience and the specific background of the person performing the study. This subjectivity leads to criticism, since results calculated by different experts for the same system can vary significantly. This challenge has been addressed in the past with a method called DELPHI, which aims to reduce subjectivity by using a group of experts. The scientific contribution of this paper is the development of CyberRiskDELPHI, a modified version of the original DELPHI method for the identification and prioritization of cyber risks. It is demonstrated on a case study of a 5G tactical bubble covering the communication needs of a critical operation. An early evaluation of the use of a large language model (ChatGPT) in risk identification and prioritization for this case study is also included as a complementary side activity, giving an indication of future developments in the risk assessment domain.
Original language | English |
---|---|
Title of host publication | 43rd Computers and Information in Engineering Conference (CIE) |
Publisher | American Society of Mechanical Engineers (ASME) |
Number of pages | 10 |
Volume | 2 |
ISBN (Electronic) | 978-0-7918-8729-5 |
Publication status | Published - 21 Nov 2023 |
MoE publication type | A4 Article in a conference publication |
Event | International Design Engineering Technical Conferences: Computers and Information in Engineering Conference - Boston, United States. Duration: 20 Aug 2023 → 23 Aug 2023 |
Conference
Conference | International Design Engineering Technical Conferences |
---|---|
Abbreviated title | IDETC/CIE2023 |
Country/Territory | United States |
City | Boston |
Period | 20/08/23 → 23/08/23 |
Keywords
- Risk assessment
- risk management
- Cyber insurance
- Cybersecurity
- DELPHI
- CyberRiskDELPHI
Fingerprint
Dive into the research topics of 'CyberRiskDELPHI: towards objective cyber risk assessment for complex systems'. Together they form a unique fingerprint.
Projects
- 1 Finished
- AI-NET-ANTILLAS: Accelerating digital transformation in Europe by Intelligent NETwork automation - Autonomous end-to-end optimization
  Suomalainen, J. (Manager) & Räty, T. (Participant)
  1/06/21 → 31/08/24
  Project: Business Finland project