Survey and Guidelines about Learning Cyber Security Risk Assessment

Christophe Ponsard, Philippe Massonet

2022

Abstract

Risk assessment is a key part of all cyber security frameworks, standards and related certification schemes. It is a complex process involving both the business domain, to assess impact, and the technical domain, to measure feasibility. It requires producing a realistic risk matrix based on qualitative information and then deciding on measures aligned with relevant standards. Gaining experience in this area is a difficult learning process with many possible pitfalls. In this paper, we report our lessons learned from a controlled experiment of 26 risk analyses across different domains, including some operators of essential services. We also provide some methodological recommendations for efficient tool support, including model-based support.


Paper Citation


in Harvard Style

Ponsard C. and Massonet P. (2022). Survey and Guidelines about Learning Cyber Security Risk Assessment. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 536-543. DOI: 10.5220/0010900800003120


in Bibtex Style

@conference{icissp22,
author={Christophe Ponsard and Philippe Massonet},
title={Survey and Guidelines about Learning Cyber Security Risk Assessment},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={536-543},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010900800003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Survey and Guidelines about Learning Cyber Security Risk Assessment
SN - 978-989-758-553-1
AU - Ponsard C.
AU - Massonet P.
PY - 2022
SP - 536
EP - 543
DO - 10.5220/0010900800003120