Article

National Institute of Standards and Technology (NIST) recommends that organizations perform cyber risk assessments regularly to identify security vulnerabilities and to control levels of exposure to threats. We discuss a method to customize the ranking of cyber threats based on the organization’s maturity level of implementing NIST controls and we use FAIR model’s LEF component as a measure of the severity of cyber threats. The methodology integrates NIST maturity levels to calculate the resistance strength factor and produce the LEF values for each threat. The LEF value is then used to represent the severity level of the threat to the specific organization. This hybrid risk assessment approach will help stakeholders make data-informed decisions on improving security measures and provide accurate values that represent the current security state of their organization.

Creator

• Bakare, Adeyinka
• Said, Hazem

License

• All rights reserved

Subject

• Information Technology

Submitter

Jess Kropczynski

College

• Education, Criminal Justice, and Human Services

Department

• - School of Information Technology

Date Created

• 2020-04-14

Journal Title

• IT Research Symposium’20

Language

• English

Related URL

•  https://itexpo20.live/research/1

Relationships

In Collection:

• 2020 Information Technology Research Symposium

Items