Cyber Security Challenges and Risk Analysis
Miguel Areias, EDP Distribuição
Miguel Areias – Portugal – RT S3c – Paper ID: 0625
Threat, Vulnerability, Risk, Risk Analysis
• Threat: Event, actor, or action with potential to harm. Unauthorized access or attempt to a system or resource.
• Vulnerability: Weakness. A potential security gap in some parts of the infrastructure.
• Risk: Operational or Economic.
• Risk Analysis: Assess and quantify the risk.
There is only a risk when a vulnerability exists and can be exploited. Quantifying the risk represents the magnitude of the damage caused by the materialized threat.
Threats, Vulnerability and Risk
Threat
• Virus Attack
Vulnerability
• Virus not Updated
• Tools not Adequate
• People Awareness
Intrusion (Risk of)
• Loss of Reputation
• Loss of Data
• Rework
• Stress on People
Not all vulnerabilities need to be addressed. Risk analysis must be done in order to identify the quantity of threats to which each vulnerability is exposed.
Quantitative Risk Measurement
[Risk matrix: Probability (Rare, Unlikely, Possible, Likely, Almost Certain) against Impact (Insignificant, Minor, Moderate, Major, Catastrophic); each cell is rated Low Risk, Moderate, High Risk or Extreme.]
Risk analysis is based on the probability of a vulnerability being exploited and on the effects of that exploitation (the exploitation impact). The same vulnerability can be rated differently in different contexts.
System Performance Requirements
In many situations, critical infrastructures are considered isolated and their security is based on obscurity.
Cyber Security Risk Management Framework
Based on standards, this approach allows us to assess and address security issues in critical infrastructures, taking into account the criticality, vulnerability and risk to which they are exposed.
Security Life Cycle
• Mitigation
• Vulnerability Assessment (Internal, External)
• Threat and Attack Modeling
• Rank, Risk Analysis (quantify the risk)
Prioritize which vulnerabilities must be addressed first. Assess and analyze the risk in order to identify measures to reduce or eliminate its impact.