Index Catalog // Scholar@UC

Type:: Article
Description/Abstract:: Today's industrial equipment is connected over a network to communicate with external systems and make decisions without human intervention, making it vulnerable to cyberattacks and showing the importance of research. This study explored the implementation of a cloud-based virtual testbed for a smart factory for cybersecurity testing and research. As a first step, this paper reports on developing an environment with one programmable logic controller (PLC) simulating a conveyor belt setup. The study examined different virtualization platforms and network designs. In addition, it executed a denial-of-service attack and identified its signature indicators. The study found that VMware Workstation Pro is the most suitable virtualization platform and that network input and output are the DoS attack's signature indicators.
Creator/Author:: Mandalapu, Rohit and Said, Hazem
Submitter:: Rohit Mandalapu
Date Uploaded:: 01/17/2025
Date Modified:: 01/17/2025
Date Created:: 2023-07-27
License:: Attribution 4.0 International

Type:: Article
Description/Abstract:: National Institute of Standards and Technology (NIST) recommends that organizations perform cyber risk assessments regularly to identify security vulnerabilities and to control levels of exposure to threats. We discuss a method to customize the ranking of cyber threats based on the organization’s maturity level of implementing NIST controls and we use FAIR model’s LEF component as a measure of the severity of cyber threats. The methodology integrates NIST maturity levels to calculate the resistance strength factor and produce the LEF values for each threat. The LEF value is then used to represent the severity level of the threat to the specific organization. This hybrid risk assessment approach will help stakeholders make data-informed decisions on improving security measures and provide accurate values that represent the current security state of their organization.
Creator/Author:: Bakare, Adeyinka and Said, Hazem
Submitter:: Jess Kropczynski
Date Uploaded:: 05/15/2020
Date Modified:: 05/15/2020
Date Created:: 2020-04-14
License:: All rights reserved

Type:: Article
Description/Abstract:: As incessant cyber-attacks on organizations increase in complexity and destructiveness with the aim to disrupt services and steal information, proactive measures are critically needed to mitigate these attacks, cyber security risk assessment tops the list of measures. This study provides an overview of cybersecurity risk assessment, various types of frameworks, and the difference between qualitative and quantitative cybersecurity risk assessments. The aim of this early research is the creation of a hybrid system which integrates an existing cybersecurity risk assessment system based on the NIST framework into the Factor Analysis of Information Risk (FAIR) model, an analytic risk assessment model that enables true quantitative measurement. In this study, we propose a hybrid-assessment tool which will be used to describe and compare the impact of using NIST driven values as inputs for the resistance strength to determine the Loss Event Frequent (LEF) and Annual Loss Expectancy (ALE) of a risk scenario as opposed to using experts’ opinion as user inputs for determination of the LEF and ALE values.
Creator/Author:: Gilany, Yahya; Kunapareddy, Vivek; Bakare, Adeyinka, and Said, Hazem
Submitter:: Jess Kropczynski
Date Uploaded:: 05/15/2020
Date Modified:: 05/15/2020
Date Created:: 2019-04-11

Recherche