Vis enkel innførsel

dc.contributor.authorMeland, Per Håkon
dc.contributor.authorNesheim, Dag Atle
dc.contributor.authorBernsmed, Karin
dc.contributor.authorSindre, Guttorm
dc.date.accessioned2022-08-17T14:25:48Z
dc.date.available2022-08-17T14:25:48Z
dc.date.created2021-11-09T13:37:35Z
dc.date.issued2021
dc.identifier.citationJournal of Information Security and Applications. 2022, 64, 103050.en_US
dc.identifier.issn2214-2134
dc.identifier.urihttps://hdl.handle.net/11250/3012379
dc.description.abstractA proper assessment of potential cyber threats is vital for security decision-making. This becomes an even more challenging task when dealing with new system designs and industry sectors where there is little or no historical data about past security incidents. We have developed a threat likelihood estimation approach that supports risk management under such circumstances. Quantifiable conditions are determined from the environment in which the system will reside and operate, that is the availability of potential threat actors, their opportunities of performing attacks, the required means that are needed for the attack to succeed, and motivation factors. Our research method follows the principles of practice research where both researchers and practitioners have played central roles in a real-life development project for a maritime communication system. We used a qualitative case study for feature-based evaluation of the approach and associated tool template, and to gather evidence on practical aspects such as suitability for purpose, efficiency and drawbacks from five user groups. The results show that representative participants from the cyber security and maritime community gave positive and consistent scores on the features, and regarded time usage, traceability of the threat assessment and the ability to indicate underlying uncertainty to be very appropriate. The approach has been proven useful for this domain and should be applicable to others as well, but the template requires up-front investments in gathering knowledge that is relevant and reusable in additional context situations.en_US
dc.language.isoengen_US
dc.publisherElsevieren_US
dc.rightsNavngivelse 4.0 Internasjonal*
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/deed.no*
dc.subjectCyber threatsen_US
dc.subjectDecision-makingen_US
dc.subjectEstimationen_US
dc.subjectEmpirical evaluationen_US
dc.subjectCase studyen_US
dc.subjectMaritime communicationen_US
dc.titleAssessing cyber threats for storyless systemsen_US
dc.typePeer revieweden_US
dc.typeJournal articleen_US
dc.description.versionpublishedVersionen_US
dc.rights.holder© 2021 The Authorsen_US
dc.source.volume64en_US
dc.source.journalJournal of Information Security and Applicationsen_US
dc.identifier.doi10.1016/j.jisa.2021.103050
dc.identifier.cristin1952792
dc.source.articlenumber103050en_US
cristin.ispublishedtrue
cristin.fulltextoriginal
cristin.qualitycode1


Tilhørende fil(er)

Thumbnail

Denne innførselen finnes i følgende samling(er)

Vis enkel innførsel

Navngivelse 4.0 Internasjonal
Med mindre annet er angitt, så er denne innførselen lisensiert som Navngivelse 4.0 Internasjonal