Enhancing the factor analysis of information risk methodology for assessing cyberresilience in critical infrastructure information systems

DOI:

https://doi.org/10.5281/zenodo.7876556

Keywords:

cyberresilience, critical infrastructure, information systems, factor analysis

Abstract

Purpose: to explore the Factor Analysis of Information Risk methodology as a tool for assessing and managing information risk in critical infrastructure systems, and to identify opportunities for improving the methodology. The article also provides an overview of other frameworks and standards that can be used in conjunction with the Factor Analysis of Information Risk methodology to enhance the overall effectiveness of risk management in critical infrastructure systems.

Method: factor analysis and empirical research methods were used in the study.

Theoretical implications: potential improvements to the Factor Analysis of Information Risk methodology that contribute to a more comprehensive framework for information risk management in critical infrastructure systems.

Practical consequences: refining and developing the Factor Analysis of Information Risk methodology has the potential to improve risk assessments and risk management in critical infrastructure systems. By identifying gaps and opportunities for improvement in the methodology and providing an overview of other frameworks and standards that can be used in conjunction with Factor Analysis of Information Risk, this article can inform the development of more effective risk management policies and practices. The article may also encourage the use of Factor Analysis of Information Risk and other frameworks and standards in critical infrastructure systems to enhance their security and resilience against potential cyber threats.

Published

2023-04-28

How to Cite

Shypovskyi, V. (2023). Enhancing the factor analysis of information risk methodology for assessing cyberresilience in critical infrastructure information systems. Political Science and Security Studies Journal, 4(1), 25-33. https://doi.org/10.5281/zenodo.7876556
