Methods for determining the categories of cyber incidents and assessing information security risks
Abstract
The article studies the categories of cyber incidents and their prioritization in the context of information security. It discusses the main sources of information about cyber threats, defines their role in detecting and analyzing incidents, and presents tools for collecting and analyzing data. The concepts of event, incident, and crime and the relationship between them are discussed. The article provides a classification of the various types of cyber threats, describing how they are coded, their characteristics, and their impact on information systems. Examples of the use of cyber incident classification are given. The article also considers specific types of cyber incidents that may occur in various fields of activity and the threats they pose to various information systems. The necessity of prioritizing responses to cyber threats, and methods for doing so, are substantiated; prioritization allows resources to be allocated effectively and preventive cybersecurity measures to be implemented. An approach is presented for assessing and classifying incidents according to their possible impact on the organization's activities, its information security, and its ability to recover from cyber attacks. The article highlights various approaches and methodologies for identifying and managing information security risks, including the use of standards, models, and assessment tools. This article is a resource for cybersecurity professionals, researchers, and executives interested in risk management and information asset protection in today's digital environment.