Listing by keyword "Risk Assessment"
- Journal article: Cybersecurity im medialen Diskurs (HMD Praxis der Wirtschaftsinformatik: Vol. 57, No. 3, 2020). Griesbacher, Eva-Maria; Griesbacher, Martin
  In recent years, digitization has created a complex, seemingly ever-changing field of possible risks. The extent of these risks is increasingly difficult for companies to identify. Accordingly, the question of how decision-makers and employees can recognize, assess and react to dangers from cyberspace becomes increasingly important. Since decision-makers in smaller SMEs usually obtain information about cybersecurity through Internet research or through the daily press, their risk assessment and measures depend on how cybersecurity issues are presented and discussed in various media. Based on a discourse analysis of 504 media reports on the topic of cyber security in companies between 2010 and 2019, the article comes to the following conclusion: The media has focused less on long-term existing threats and more on the most spectacular incidents and typical role distribution between “good” and “evil”. All in all, cyberspace was portrayed as an insecure space for companies—partly due to the behaviour of their own employees. For IT companies, police authorities and research, the understanding of the media cybersecurity discourse means an improved insight into the selective and situational treatment of threat situations by the media and the associated distortions in corporate risk assessments. Finally, the competence of the employees to accurately recognize the risks is central to corporate cybersecurity.
- Conference paper: On the Perception of Risk Assessment in Intrusion Detection Systems (10. DFN-Forum Kommunikationstechnologien, 2017). Golling, Mario; Koch, Robert; Dreo Rodosek, Gabi
  Especially in the area of Intrusion Detection, the concept as well as the understanding of the term "risk" is of fundamental importance. Generally, risk assessment represents an important means of evaluating certain situations, plans, events or systems in a systematic and comprehensive procedure. As in other areas, within the field of IT security, the systematic assessment process (risk analysis) also aims at recommending how to allocate available resources. Referring to this, both the categorization of traffic (whether traffic has to be classified as an attack or not - "benign vs. malicious") as well as a corresponding estimation of the expected damage (severity) are of central importance. Therefore, within this publication, the authors address the following questions in detail: (1) To what extent are the detection results of different IDSs comparable - with regard to the assessment of the risk / extent of damage - or are there strong deviations? (2) How do both vendor-dependent and vendor-independent alerts address the topic of risk assessment and enable the implementation of a comprehensive risk concept? To this end, at the heart of this paper, an overview as well as an evaluation of important representatives of open source IDSs is presented, focusing on methods for risk assessment resp. risk rating including cross-vendor risk rating and the Common Vulnerability Scoring System (CVSS). Furthermore, the paper also contains a brief demise of the most important representatives of commercial IDSs.
- Conference paper: Risk variance: Towards a definition of varying outcomes of IT security risk assessment (Open Identity Summit 2022, 2022). Kurowski, Sebastian; Schunck, Christian H.
  Assessing IT-security risks in order to achieve adequate and efficient protection measures has become the core idea of various industry practices and regulatory frameworks in the last five years. Some research however suggests that the practice of assessing IT security risks may be subject to varying outcomes depending on personal, situational and contextual factors. In this contribution we first provide a definition of risk variance as the variation of risk assessment outcomes due to individual traits, the processual environment, the domain of the assessor, and possibly the target of the assessed risk. We then present the outcome of an interview series with 9 decision makers from different companies that aimed at discussing whether risk variance is an issue in their risk assessment procedures. Finally, we elaborate on the generalizability of the concept of risk variance, despite the low sample size in light of varying risk assessment procedures discussed in the interviews. We find that risk variance could be a general problem of current risk assessment procedures.
- Conference paper: Scalable Modeling of Preventive and Detective Security Controls for Cyber-Physical Systems (INFORMATIK 2024, 2024). Shun, Hnin Yee; Al Sardy, Loui; Waedt, Karl; Le Berre, Gabriel
  Critical infrastructure and Industry 4.0 depend heavily on Cyber-Physical Systems (CPS), necessitating significant support for cybersecurity and safety professionals throughout development and implementation. This paper explores safety measures linked to physical protection at different CPS levels and how they interact with features of the digital twin. However, digital twins require comprehensive preventative and detective procedures to ensure security. The objective is to facilitate advanced attack tree analysis. Utilizing 3D modeling to incorporate features such as tamper-indicating devices, forensic biometric security, digital CCTV/video monitoring, physical/logical zones, and graded security controls enhances the depiction of the real world. Furthermore, functional safety assessments and risk assessments are carried out. The frameworks will include Babylon JS 7.0, Vue 3.x, and Element+, enabling a tool-based method designed to help subject matter experts analyze complex security postures of CPS efficiently and consistently. This scalable method can be applied in smart manufacturing as well as large-scale plant operations.