{"response":{"docs":[{"system_create_dtsi":"2020-05-15T23:00:14Z","system_modified_dtsi":"2020-05-15T23:00:16Z","has_model_ssim":["Article"],"id":"xd07gt933","accessControl_ssim":["8c66a3d3-5a92-4ed3-9acd-293699c27565"],"depositor_ssim":["kropczjn@ucmail.uc.edu"],"depositor_tesim":["kropczjn@ucmail.uc.edu"],"title_tesim":["A methodology for cyberthreat ranking"],"date_uploaded_dtsi":"2020-05-15T23:00:14Z","date_modified_dtsi":"2020-05-15T23:00:14Z","isPartOf_ssim":["admin_set/default"],"journal_title_tesim":["IT Research Symposium’20"],"college_tesim":["Education, Criminal Justice, and Human Services"],"department_tesim":["- School of Information Technology"],"creator_tesim":["Bakare, Adeyinka","Said, Hazem"],"subject_tesim":["Information Technology"],"language_tesim":["English"],"description_tesim":["National Institute of Standards and Technology (NIST) recommends that organizations perform cyber risk assessments regularly to identify security vulnerabilities and to control levels of exposure to threats. We discuss a method to customize the ranking of cyber threats based on the organization’s maturity level of implementing NIST controls and we use FAIR model’s LEF component as a measure of the severity of cyber threats. The methodology integrates NIST maturity levels to calculate the resistance strength factor and produce the LEF values for each threat. The LEF value is then used to represent the severity level of the threat to the specific organization. This hybrid risk assessment approach will help stakeholders make data-informed decisions on improving security measures and provide accurate values that represent the current security state of their organization."],"license_tesim":["http://rightsstatements.org/vocab/InC/1.0/"],"date_created_tesim":["2020-04-14"],"related_url_tesim":["https://itexpo20.live/research/1 "],"source_tesim":["IT Research Symposium’20"],"thumbnail_path_ss":"/assets/work-ff055336041c3f7d310ad69109eda4a887b16ec501f35afc0a547c4adb97ee72.png","suppressed_bsi":false,"actionable_workflow_roles_ssim":["admin_set/default-default-depositing"],"workflow_state_name_ssim":["deposited"],"member_of_collections_ssim":["2020 Information Technology Research Symposium"],"member_of_collection_ids_ssim":["ws859g993"],"visibility_ssi":"open","admin_set_tesim":["Default Admin Set"],"sort_title_ssi":"METHODOLOGY FOR CYBERTHREAT RANKING","human_readable_type_tesim":["Article"],"read_access_group_ssim":["public"],"edit_access_group_ssim":["admin"],"edit_access_person_ssim":["kropczjn@ucmail.uc.edu"],"nesting_collection__ancestors_ssim":["ws859g993"],"nesting_collection__parent_ids_ssim":["ws859g993"],"nesting_collection__pathnames_ssim":["ws859g993/xd07gt933"],"nesting_collection__deepest_nested_depth_isi":2,"_version_":1697086683829239808,"timestamp":"2021-04-15T06:26:23.083Z","score":0.00049999997},{"system_create_dtsi":"2020-05-15T22:10:46Z","system_modified_dtsi":"2020-05-15T22:10:54Z","has_model_ssim":["Article"],"id":"b5644s84b","accessControl_ssim":["b5cd1fc7-8b0f-4f9f-9f2b-018f99483d1f"],"hasRelatedMediaFragment_ssim":["6w924d32n"],"hasRelatedImage_ssim":["6w924d32n"],"depositor_ssim":["kropczjn@ucmail.uc.edu"],"depositor_tesim":["kropczjn@ucmail.uc.edu"],"title_tesim":["Integrating NIST Framework into FAIR model for Quantitative Risk Assessment of Cyber Threats"],"date_uploaded_dtsi":"2020-05-15T22:10:46Z","date_modified_dtsi":"2020-05-15T22:10:46Z","isPartOf_ssim":["admin_set/default"],"doi_tesim":["doi:10.7945/r35x-0f80"],"journal_title_tesim":["IT Research Symposium’19"],"college_tesim":["Education, Criminal Justice, and Human Services"],"department_tesim":["- School of Information Technology"],"creator_tesim":["Gilany, Yahya","Kunapareddy, Vivek","Bakare, Adeyinka","Said, Hazem"],"publisher_tesim":["University of Cincinnati"],"subject_tesim":["Information Technology"],"language_tesim":["English"],"description_tesim":["As incessant cyber-attacks on organizations increase in complexity and destructiveness with the aim\r\nto disrupt services and steal information, proactive measures are critically needed to mitigate these\r\nattacks, cyber security risk assessment tops the list of measures. This study provides an overview of\r\ncybersecurity risk assessment, various types of frameworks, and the difference between qualitative\r\nand quantitative cybersecurity risk assessments. The aim of this early research is the creation of a\r\nhybrid system which integrates an existing cybersecurity risk assessment system based on the NIST framework into the Factor Analysis of Information Risk (FAIR) model, an analytic risk assessment model that enables true quantitative measurement. In this study, we propose a hybrid-assessment tool which will be used to describe and compare the impact of using NIST driven values\r\nas inputs for the resistance strength to determine the Loss Event Frequent (LEF) and Annual Loss\r\nExpectancy (ALE) of a risk scenario as opposed to using experts’ opinion as user inputs for determination of the LEF and ALE values."],"license_tesim":["http://rightsstatements.org/vocab/InC/1.0/"],"date_created_tesim":["2019-04-11"],"source_tesim":["IT Research Symposium’19"],"thumbnail_path_ss":"/downloads/6w924d32n?file=thumbnail","suppressed_bsi":false,"actionable_workflow_roles_ssim":["admin_set/default-default-depositing"],"workflow_state_name_ssim":["deposited"],"member_ids_ssim":["6w924d32n"],"member_of_collections_ssim":["2019 Information Technology Research Symposium"],"member_of_collection_ids_ssim":["jq085m248"],"file_set_ids_ssim":["6w924d32n"],"visibility_ssi":"open","admin_set_tesim":["Default Admin Set"],"sort_title_ssi":"INTEGRATING NIST FRAMEWORK INTO FAIR MODEL FOR QUANTITATIVE RISK ASSESSMENT OF CYBER THREATS","human_readable_type_tesim":["Article"],"read_access_group_ssim":["public"],"edit_access_group_ssim":["admin"],"edit_access_person_ssim":["kropczjn@ucmail.uc.edu"],"nesting_collection__ancestors_ssim":["jq085m248"],"nesting_collection__parent_ids_ssim":["jq085m248"],"nesting_collection__pathnames_ssim":["jq085m248/b5644s84b"],"nesting_collection__deepest_nested_depth_isi":2,"_version_":1697097427570393088,"timestamp":"2021-04-15T09:17:09.113Z","score":0.00049999997}],"facets":[{"name":"human_readable_type_sim","items":[{"value":"Article","hits":2,"label":"Article"}],"label":"Human Readable Type Sim"},{"name":"creator_sim","items":[{"value":"Bakare, Adeyinka","hits":2,"label":"Bakare, Adeyinka"},{"value":"Said, Hazem","hits":2,"label":"Said, Hazem"},{"value":"Gilany, Yahya","hits":1,"label":"Gilany, Yahya"},{"value":"Kunapareddy, Vivek","hits":1,"label":"Kunapareddy, Vivek"}],"label":"Creator Sim"},{"name":"subject_sim","items":[{"value":"Information Technology","hits":2,"label":"Information Technology"}],"label":"Subject Sim"},{"name":"college_sim","items":[{"value":"Education, Criminal Justice, and Human Services","hits":2,"label":"Education, Criminal Justice, and Human Services"}],"label":"College Sim"},{"name":"department_sim","items":[{"value":"- School of Information Technology","hits":2,"label":"- School of Information Technology"}],"label":"Department Sim"},{"name":"language_sim","items":[{"value":"English","hits":2,"label":"English"}],"label":"Language Sim"},{"name":"publisher_sim","items":[{"value":"University of Cincinnati","hits":1,"label":"University of Cincinnati"}],"label":"Publisher Sim"},{"name":"date_created_sim","items":[{"value":"2019-04-11","hits":1,"label":"2019-04-11"},{"value":"2020-04-14","hits":1,"label":"2020-04-14"}],"label":"Date Created Sim"},{"name":"member_of_collection_ids_ssim","items":[{"value":"jq085m248","hits":1,"label":"jq085m248"},{"value":"ws859g993","hits":1,"label":"ws859g993"}],"label":"Member Of Collection Ids Ssim"},{"name":"generic_type_sim","items":[{"value":"Work","hits":2,"label":"Work"}],"label":"Generic Type Sim"}],"pages":{"current_page":1,"next_page":null,"prev_page":null,"total_pages":1,"limit_value":10,"offset_value":0,"total_count":2,"first_page?":true,"last_page?":true}}}