Enhancing the factor analysis of information risk methodology for assessing cyberresilience in critical infrastructure information systems
DOI: https://doi.org/10.5281/zenodo.7876556
Keywords: cyberresilience, critical infrastructure, information systems, factor analysis
Abstract
Purpose: to explore the Factor Analysis of Information Risk (FAIR) methodology as a tool for assessing and managing information risk in critical infrastructure systems, and to identify opportunities for improving the methodology. The article also reviews other frameworks and standards that can be used alongside FAIR to improve the overall effectiveness of risk management in critical infrastructure systems.
Method: factor analysis and empirical research methods were used in the study.
Theoretical implications: the proposed improvements to the FAIR methodology contribute to a more comprehensive framework for information risk management in critical infrastructure systems.
Practical consequences: refining and developing the FAIR methodology can improve risk assessment and risk management in critical infrastructure systems. By identifying gaps and opportunities for improvement in the methodology, and by reviewing other frameworks and standards that can be used together with FAIR, the article can inform the development of more effective risk management policies and practices. It may also encourage the use of FAIR and these complementary frameworks and standards in critical infrastructure systems to strengthen their security and resilience against cyber threats.
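As an added example that is not part of the article, the script below shows how the FAIR factor tree the abstract refers to is actually evaluated: risk is loss event frequency times loss magnitude, loss event frequency is threat event frequency times vulnerability, and vulnerability is the probability that threat capability exceeds the resistance strength of the controls. Each factor is a calibrated min/most-likely/max estimate and the result is a distribution of annual loss, not a single number. The scenario (a remote-access gateway into a utility's control network, before and after hardening), its numbers, the use of triangular rather than PERT distributions, and all function names are assumptions of this example.

```python
"""FAIR-style Monte Carlo estimate of annualized loss exposure for one scenario.

Added example, not code from the article. FAIR factors risk as
    Risk = Loss Event Frequency (LEF) x Loss Magnitude (LM)
    LEF  = Threat Event Frequency (TEF) x Vulnerability
    Vulnerability = P(Threat Capability > Resistance Strength)
All scenario numbers below are constructed for illustration.
"""
import math
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Estimate:
    """Calibrated min / most-likely / max estimate. Sampled with a triangular
    distribution, a simple stand-in for the PERT distributions FAIR tools use."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        return rng.triangular(self.low, self.high, self.mode)


@dataclass(frozen=True)
class Scenario:
    tef: Estimate         # threat events per year
    tcap: Estimate        # threat capability, 0..1
    resistance: Estimate  # resistance strength of the controls, 0..1
    lm: Estimate          # loss per loss event, currency units


def _poisson(rng: random.Random, lam: float) -> int:
    """Knuth's Poisson sampler; adequate for the small annual rates used here."""
    if lam <= 0:
        return 0
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        k += 1
        p *= rng.random()
        if p <= limit:
            return k - 1


def vulnerability(s: Scenario, samples: int = 10_000, seed: int = 1) -> float:
    """Estimate P(TCap > RS): the fraction of threat events that become loss events."""
    rng = random.Random(seed)
    hits = sum(1 for _ in range(samples) if s.tcap.sample(rng) > s.resistance.sample(rng))
    return hits / samples


def simulate(s: Scenario, iterations: int = 10_000, seed: int = 1) -> list[float]:
    """One simulated year per iteration: draw the number of threat events, keep
    those whose capability beats the control, and sum their loss magnitudes."""
    rng = random.Random(seed)
    losses = []
    for _ in range(iterations):
        events = _poisson(rng, s.tef.sample(rng))
        total = 0.0
        for _ in range(events):
            if s.tcap.sample(rng) > s.resistance.sample(rng):
                total += s.lm.sample(rng)
        losses.append(total)
    return losses


def summarize(losses: list[float]) -> dict[str, float]:
    """Mean and percentiles of annual loss; FAIR reports these, not a point value."""
    cuts = statistics.quantiles(losses, n=100)  # 99 cut points
    return {"mean": statistics.fmean(losses), "p50": cuts[49], "p90": cuts[89], "max": max(losses)}


# Constructed scenario: an internet-reachable remote-access gateway into a utility's
# control network, before and after hardening (patching plus MFA raises resistance).
BASELINE = Scenario(
    tef=Estimate(2, 6, 20),
    tcap=Estimate(0.40, 0.70, 0.95),
    resistance=Estimate(0.30, 0.50, 0.80),
    lm=Estimate(50_000, 250_000, 2_000_000),
)
HARDENED = Scenario(
    tef=BASELINE.tef, tcap=BASELINE.tcap, lm=BASELINE.lm,
    resistance=Estimate(0.70, 0.85, 0.98),
)

if __name__ == "__main__":
    for name, s in (("baseline", BASELINE), ("hardened", HARDENED)):
        summary = summarize(simulate(s))
        print(f"{name:9s} vuln={vulnerability(s):.2f} "
              + " ".join(f"{k}={v:,.0f}" for k, v in summary.items()))
```

Controls enter the model only through the vulnerability factor, so the hardened scenario keeps the same threat event frequency and loss magnitude and still shows a much lower annual loss; this is the comparison a FAIR assessment uses to justify a control investment, and the same structure can be extended per asset or per threat community.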
Copyright (c) 2023 Volodymyr Shypovskyi
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors agree with the following conditions:
1. Authors retain copyright and grant the journal the right of first publication, with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of its authorship and of its initial publication in this journal.
2. Authors may enter into separate additional agreements for the non-exclusive distribution of the journal's published version of the work (for example, posting it in an institutional repository or publishing it as part of a monograph), with a reference to the first publication of the work in this journal.
3. The journal's policy allows and encourages authors to post the manuscript online (for example, in institutional repositories, on personal websites, SSRN, ResearchGate, MPRA, SSOAR, etc.) before and during the review process, because this can lead to productive research discussion and positively affect the citation of the published work (see The Effect of Open Access).