Show simple item record

dc.contributor.authorMeland, Per Håkon
dc.contributor.authorNesheim, Dag Atle
dc.contributor.authorBernsmed, Karin
dc.contributor.authorSindre, Guttorm
dc.identifier.citationJournal of Information Security and Applications. 2022, 64, 103050.en_US
dc.description.abstractA proper assessment of potential cyber threats is vital for security decision-making. This becomes an even more challenging task when dealing with new system designs and industry sectors where there is little or no historical data about past security incidents. We have developed a threat likelihood estimation approach that supports risk management under such circumstances. Quantifiable conditions are determined from the environment in which the system will reside and operate, that is the availability of potential threat actors, their opportunities of performing attacks, the required means that are needed for the attack to succeed, and motivation factors. Our research method follows the principles of practice research where both researchers and practitioners have played central roles in a real-life development project for a maritime communication system. We used a qualitative case study for feature-based evaluation of the approach and associated tool template, and to gather evidence on practical aspects such as suitability for purpose, efficiency and drawbacks from five user groups. The results show that representative participants from the cyber security and maritime community gave positive and consistent scores on the features, and regarded time usage, traceability of the threat assessment and the ability to indicate underlying uncertainty to be very appropriate. The approach has been proven useful for this domain and should be applicable to others as well, but the template requires up-front investments in gathering knowledge that is relevant and reusable in additional context situations.en_US
dc.rightsNavngivelse 4.0 Internasjonal*
dc.subjectCyber threatsen_US
dc.subjectEmpirical evaluationen_US
dc.subjectCase studyen_US
dc.subjectMaritime communicationen_US
dc.titleAssessing cyber threats for storyless systemsen_US
dc.typePeer revieweden_US
dc.typeJournal articleen_US
dc.rights.holder© 2021 The Authorsen_US
dc.source.journalJournal of Information Security and Applicationsen_US

Files in this item


This item appears in the following Collection(s)

Show simple item record

Navngivelse 4.0 Internasjonal
Except where otherwise noted, this item's license is described as Navngivelse 4.0 Internasjonal