Article
Integrating NIST Framework into FAIR model for Quantitative Risk Assessment of Cyber Threats Open Access Deposited
Downloadable Content
Download PDFDate Modified: 05/15/2020
As incessant cyber-attacks on organizations increase in complexity and destructiveness with the aim
to disrupt services and steal information, proactive measures are critically needed to mitigate these
attacks, cyber security risk assessment tops the list of measures. This study provides an overview of
cybersecurity risk assessment, various types of frameworks, and the difference between qualitative
and quantitative cybersecurity risk assessments. The aim of this early research is the creation of a
hybrid system which integrates an existing cybersecurity risk assessment system based on the NIST framework into the Factor Analysis of Information Risk (FAIR) model, an analytic risk assessment model that enables true quantitative measurement. In this study, we propose a hybrid-assessment tool which will be used to describe and compare the impact of using NIST driven values
as inputs for the resistance strength to determine the Loss Event Frequent (LEF) and Annual Loss
Expectancy (ALE) of a risk scenario as opposed to using experts’ opinion as user inputs for determination of the LEF and ALE values.
- Creator
- License
- Subject
- Submitter
- College
- Department
- Date Created
- Publisher
- Journal Title
- IT Research Symposium’19
- Language
Digital Object Identifier (DOI)
Identifier: doi:10.7945/r35x-0f80
Link: https://doi.org/10.7945/r35x-0f80
This DOI link is the best way for others to cite your work.
-
- In Collection:
Relationships
Items
Thumbnail | Title | Date Uploaded | Visibility | Actions |
---|---|---|---|---|
Submission_17_Bakare.pdf | 2020-05-15 | Open Access |
|
Permanent link to this page: https://scholar.uc.edu/show/b5644s84b