ICT Risk Management Report 2022
Added on 2022/10/13
Running head: ICT RISK MANAGEMENT
ICT Risk Management
Name of the Student
Name of the University
Author’s Note:
Executive Summary
The main aim of this report is to examine information risk management through the
consideration of one case scenario. IT security risks and threats, together with the strategies
for managing them, have become one of the top priorities for digital organizations. As a
result, a proper risk management plan involves the major procedures a company uses to
identify or control threats to its digital assets, such as proprietary corporate information,
intellectual property and personally identifiable information. A cyber risk management
program prioritizes the identified threats by considering their likelihood of occurrence and
coordinates efforts to minimize, monitor or control the effects of the risks. Information
technology governance defines cyber risks as events that could lead to data breaches,
operational disruption, reputational damage and financial loss caused by the failure of
technological processes and systems. The report presents an effective security plan and a
training and awareness program for employees.
Table of Contents
1. Introduction
2. Discussion
2.1 Brief Description of Given Case Scenario
2.2 Identifying and Describing Organizational Holding at Threat
2.3 Identifying and Describing every Potential Security Risk to the Company
2.4 Designing a proper Security Plan after considering Details related to Effective Counter
Measures to manage and address the Threats
2.5 Developing an Information Security Training as well as Awareness Programs for Staff
3. Conclusion
References
1. Introduction
Risk management is the procedure for identifying, assessing and managing risks to an
organization's earnings and capital. These risks can stem from a broad range of sources, such
as legal liabilities, accidents, errors in strategic management and financial uncertainty
(Biener, Eling and Wirfs 2015). Regulatory compliance should be extended to scrutinize
organizational risk management plans and policies, to ensure that the risk management plan
is effective in maintaining cyber security. An organization has decided to implement a
training and awareness programme for its employees so that the effect of cyber threats is
reduced. This report presents a security plan and different mitigation strategies for reducing
the effects of these cyber threats.
2. Discussion
2.1 Brief Description of Given Case Scenario
The management of a business organization has appointed a new head of its existing
security team to protect the information holdings of the business. More than one thousand
employees work in this organization, which is housed in a separate multi-storeyed building
located in a central city. The security team is responsible for protecting the information
holdings from any type of risk or threat, and has to treat information security as a top
priority. The team has found that some major areas, namely the business continuity plan
(BCP), the disaster recovery (DR) plan and the incident response plan, are extremely weak in
comparison to the type of data the organization deals with. Furthermore, there is a chance of
social engineering attacks, password security is a concern, and the organization lacks an
employee awareness program to notify staff about threats and vulnerabilities to data and
assets.
2.2 Identifying and Describing Organizational Holding at Threat
The business organization has more than one thousand staff and has ensured that its
technical systems are effective and efficient for maintaining the database (Refsdal, Solhaug
and Støle 2015). The organization has also emphasized the security of document management
and receives better services from its information technology team. Although the database and
other technical systems are quite efficient, several risks and threats related to cyber security
and privacy exist in the organizational holdings. At present, the new security team has
identified weaknesses in the incident response (IR) plans, the BCP and the DR plan. Proper
security measures have not been undertaken in these areas, so threats and risks persist and
must be treated to ensure that the organizational holdings are safe and secure (Eling and
Schnell 2016).
Several methodologies are effective in identifying the organizational holdings at risk, and
the organization should implement them to ensure security and privacy. The first is to
collect regular, or at least periodic, feedback from employees at different levels. With more
than one thousand employees, it is extremely important for the security group to learn
whether staff are facing any security-related issue or problem in their work (Cherdantseva et
al. 2016). Staff should report such issues to their immediate boss or other stakeholders so
that the issue is highlighted.
Another effective methodology for finding the risks and threats to the organizational
holdings is to conduct internal as well as external research. The internal research can be
conducted only by the security team head, to find the weak areas that need emphasis and have
scope for improvement, such as the IR plans, the BCP and the DR plan (Kopp, Kaffenberger and
Jenkinson 2017). Similarly, external research is required to identify the trends in a specific
industry regarding the recognition of risks and vulnerabilities for the organizational
holdings.
2.3 Identifying and Describing every Potential Security Risk to the Company
The business organization has major scope for improving its security and privacy plan
and for identifying every significant and potential security threat and risk it faces. The
major risks are described in the following paragraphs:
a) Trojan Horses: This is the first and most significant risk or threat, and the business
organization could be extremely vulnerable to it (Biener, Eling and Wirfs 2018). In this risk,
the attacker tricks the victim into inviting the attacker into a safe and secured area. Once
the user enters the supposedly safe site, malware is presented that tricks the user into
executing an illegitimate program, which the user believes to be legitimate.
b) Ransomware Attacks: The second important type of attack is the ransomware attack.
This type of malware is designed to block all access to computer systems until money is paid
to the hacker. Such attacks have become common recently and the company may face a similar
situation. It would not be able to deal with these issues if precautions are not undertaken.
c) Phishing Attacks: The next issue faced in any organization is the phishing attack
(Ruan 2017). Such attacks are fraudulent attempts to obtain confidential information, such as
passwords or usernames, by posing as a trustworthy entity so that the user has no idea that
the attempt is fraudulent. Phishing attacks are mostly conducted by electronic mail.
d) Rootkit Attacks: The fourth noteworthy type of cyber threat is the rootkit attack.
Rootkits are programs that give threat actors remote access to, and effective control of, the
entire computer system. The business organization would have no idea that this is happening,
as its BCP is extremely weak. As a result, the data could be completely lost without any
prior notice.
e) Distributed Denial of Service Attacks: This kind of vulnerability is considered one of
the most significant issues: the attack makes the entire computer system unavailable to its
victims and denies them its services by overloading those services with extremely high
network traffic (Bailey 2014). These attacks should be eradicated in time, and proper
security measures need to be undertaken.
f) Computer Viruses: Another common type of security issue, to which the security or
privacy of systems and data is often quite vulnerable. Computer viruses are pieces of
software that hackers prepare to spread from one system to another. Viruses are sent as
attachments in electronic mail and are also copied from different websites, so that the
computer system gets infected without the user having any idea about it.
g) Rogue based Security Software: The seventh significant potential security risk for
this business organization is rogue based security software. Hackers develop this type of
software to mislead users into believing that computer viruses are not deployed in the
system (Radanliev et al. 2018). Moreover, security measures are absolutely ineffective in
this case.
2.4 Designing a proper Security Plan after considering Details related to Effective
Counter Measures to manage and address the Threats
An effective and efficient cyber security plan is required to deal with every risk and
threat mentioned above. When the organization has a major need for network security and a
plan for incident response, the core ability to prevent and mitigate each kind of
cyber-attack is demonstrated. The security plan also specifies the overall approach, the
responsibilities and the resources for managing the identified risks.
a) Purpose of the Plan: The most significant purpose of the information security plan is
to draft the required standard processes for the cyber and physical security of the business
(Paté‐Cornell et al. 2018). All employees of the organization should be aware of the security
plan, so that they maintain security under every circumstance.
b) Network and Physical Security: The company's network is given better security
through access control and firewalls. The company's security group would also develop a few
upgraded strategies to reduce the effect of such risks. The assets and other physical
resources of the company would also be protected, leaving no chance of unauthenticated
access within the company, so that high security is maintained.
c) Involving Different Standards and Policies and Legal Aspect: Several new standards
and policies should be included in the new security plan to ensure that no employee violates
the rules; anyone found violating them would be charged under the applicable legal standards
and could also be terminated from the company (Leuprecht, Skillicorn and Tait 2016). It is
the major responsibility of the employees to follow every aspect related to resources and
time.
Various countermeasures for resolving the issues and threats related to cyber security
are described in the following paragraphs:
a) Solution to Trojan horse: Using Malwarebytes would be extremely efficient in removing
the various issues related to Trojan horses and in terminating every suspicious activity
(Shackelford 2016).
b) Solution to Ransomware Attacks: This type of issue could be resolved by using
encryption techniques in the business organization, which would reduce the threats.
c) Solution to Phishing Attacks: Such attacks could be resolved by installing firewalls
and anti-phishing software within the business.
d) Solution to Rootkit Attacks: Deploying an anti-rootkit tool would be extremely
effective in reducing the effectiveness of rootkit attacks within the business (Wallner
2014).
e) Solution to Distributed Denial of Service Attacks: Properly securing every web
application across the seven layers would be the most effective and suitable solution to
distributed denial of service attacks. Reducing anomalies in the TCP layer would be much more
effective in resolving such issues.
f) Solution to Computer Viruses: Antivirus software should be implemented to reduce
issues related to computer viruses within the business.
g) Solution to Rogue based Security Software: Installing a proper firewall would be
extremely effective for treating rogue based security software (Bannink et al. 2014).
2.5 Developing an Information Security Training as well as Awareness Programs for
Staff
Security from all types of threats and risks is quite important for increasing reliance
on computer systems, Internet connectivity and wireless network standards such as Bluetooth
and wireless fidelity (Radanliev et al. 2019). Data security would be maintained as a top
priority and data complexities would be resolved without much issue. A training program for
the staff of the company is provided in the following paragraphs:
a) Involvement of Details for Management of Data: Every employee will understand the
concept of data management, which makes data recovery easier.
b) Security Controls for Network and Physical Assets: The network and physical assets
need to be secured by implementing antivirus software in the organization.
c) Security for Emails: Emails would be kept safe and secure, and employees should be
aware of this issue in order to avoid phishing attacks.
d) New Policy Implementation: A BYOD policy would be extremely effective for them, so
that removable media would be safe and secure across the entire information technology
department (Radanliev et al. 2018). New policies would be implemented for this purpose.
3. Conclusion
Thus, from the above discussion, conclusion is drawn that cyber risk assessment
would be a proper identification, analyses or evaluation of various cyber threats. It helps in
analysing the total information technology infrastructure and even identifies every possible
vulnerability after consideration of technology, procedures and people in various systems. A
detailed security plan and training awareness program is required for ensuring that the
confidential information is absolutely safe and secured and the employees are well aware of
each and every type of vulnerability to the assets and information of the company. This report
has presented a detailed discussion of a popular case study of an organization
that wants to protect its information holdings with an InfoSec training program
and security plan.
References
Bailey, L., 2014. Mitigating moral hazard in cyber-risk insurance. JL & Cyber Warfare, 3,
p.1.
Bannink, R., Broeren, S., van de Looij–Jansen, P.M., de Waart, F.G. and Raat, H., 2014.
Cyber and traditional bullying victimization as a risk factor for mental health problems and
suicidal ideation in adolescents. PloS one, 9(4), p.e94026.
Biener, C., Eling, M. and Wirfs, J.H., 2015. Insurability of cyber risk: An empirical
analysis. The Geneva Papers on Risk and Insurance-Issues and Practice, 40(1), pp.131-158.
Biener, C., Eling, M. and Wirfs, J.H., 2018. Insurability of cyber risk. Methodology, p.9.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Eling, M. and Schnell, W., 2016. What do we know about cyber risk and cyber risk
insurance?. The Journal of Risk Finance, 17(5), pp.474-491.
Kopp, E., Kaffenberger, L. and Jenkinson, N., 2017. Cyber risk, market failures, and
financial stability. International Monetary Fund.
Leuprecht, C., Skillicorn, D.B. and Tait, V.E., 2016. Beyond the Castle Model of cyber-risk
and cyber-security. Government Information Quarterly, 33(2), pp.250-257.
Paté‐Cornell, M.E., Kuypers, M., Smith, M. and Keller, P., 2018. Cyber risk management for
critical infrastructure: a risk analysis model and three case studies. Risk Analysis, 38(2),
pp.226-241.
ICT RISK MANAGEMENT
References
Bailey, L., 2014. Mitigating moral hazard in cyber-risk insurance. JL & Cyber Warfare, 3,
p.1.
Bannink, R., Broeren, S., van de Looij–Jansen, P.M., de Waart, F.G. and Raat, H., 2014.
Cyber and traditional bullying victimization as a risk factor for mental health problems and
suicidal ideation in adolescents. PloS one, 9(4), p.e94026.
Biener, C., Eling, M. and Wirfs, J.H., 2015. Insurability of cyber risk: An empirical
analysis. The Geneva Papers on Risk and Insurance-Issues and Practice, 40(1), pp.131-158.
Biener, C., Eling, M. and Wirfs, J.H., 2018. Insurability of cyber risk. Methodology, p.9.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Eling, M. and Schnell, W., 2016. What do we know about cyber risk and cyber risk
insurance?. The Journal of Risk Finance, 17(5), pp.474-491.
Kopp, E., Kaffenberger, L. and Jenkinson, N., 2017. Cyber risk, market failures, and
financial stability. International Monetary Fund.
Leuprecht, C., Skillicorn, D.B. and Tait, V.E., 2016. Beyond the Castle Model of cyber-risk
and cyber-security. Government Information Quarterly, 33(2), pp.250-257.
Paté‐Cornell, M.E., Kuypers, M., Smith, M. and Keller, P., 2018. Cyber risk management for
critical infrastructure: a risk analysis model and three case studies. Risk Analysis, 38(2),
pp.226-241.
12
ICT RISK MANAGEMENT
Radanliev, P., De Roure, D., Cannady, S., Montalvo, R.M., Nicolescu, R. and Huth, M.,
2018. Economic impact of IoT cyber risk-analysing past and present to predict the future
developments in IoT risk analysis and IoT cyber insurance.
Radanliev, P., De Roure, D., Nurse, J., Montalvo, R.M. and Burnap, P., 2019. Standardisation
of cyber risk impact assessment for the Internet of Things (IoT). arXiv preprint
arXiv:1903.04428.
Radanliev, P., De Roure, D.C., Nicolescu, R., Huth, M., Montalvo, R.M., Cannady, S. and
Burnap, P., 2018. Future developments in cyber risk assessment for the internet of
things. Computers in Industry, 102, pp.14-22.
Refsdal, A., Solhaug, B. and Stølen, K., 2015. Cyber-risk management. In Cyber-Risk
Management (pp. 33-47). Springer, Cham.
Ruan, K., 2017. Introducing cybernomics: A unifying economic framework for measuring
cyber risk. Computers & Security, 65, pp.77-89.
Shackelford, S.J., 2016. Protecting intellectual property and privacy in the digital age: the use
of national cybersecurity strategies to mitigate cyber risk. Chap. L. Rev., 19, p.445.
Wallner, J., 2014. Cyber Risk Management. Wiley StatsRef: Statistics Reference Online.
ICT RISK MANAGEMENT
Radanliev, P., De Roure, D., Cannady, S., Montalvo, R.M., Nicolescu, R. and Huth, M.,
2018. Economic impact of IoT cyber risk-analysing past and present to predict the future
developments in IoT risk analysis and IoT cyber insurance.
Radanliev, P., De Roure, D., Nurse, J., Montalvo, R.M. and Burnap, P., 2019. Standardisation
of cyber risk impact assessment for the Internet of Things (IoT). arXiv preprint
arXiv:1903.04428.
Radanliev, P., De Roure, D.C., Nicolescu, R., Huth, M., Montalvo, R.M., Cannady, S. and
Burnap, P., 2018. Future developments in cyber risk assessment for the internet of
things. Computers in Industry, 102, pp.14-22.
Refsdal, A., Solhaug, B. and Stølen, K., 2015. Cyber-risk management. In Cyber-Risk
Management (pp. 33-47). Springer, Cham.
Ruan, K., 2017. Introducing cybernomics: A unifying economic framework for measuring
cyber risk. Computers & Security, 65, pp.77-89.
Shackelford, S.J., 2016. Protecting intellectual property and privacy in the digital age: the use
of national cybersecurity strategies to mitigate cyber risk. Chap. L. Rev., 19, p.445.
Wallner, J., 2014. Cyber Risk Management. Wiley StatsRef: Statistics Reference Online.
1 out of 13
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.