Review

A Review on Cyber Risk Management

Year 2019, Volume 3, Issue 1, 34 - 45, 28.06.2019
https://doi.org/10.26650/acin.502589

Abstract

This study presents important work that has been done on Cyber Risk Management. The stages, methods and steps these studies include are explained with examples, and details of the studies are presented. Before these details are presented, the introduction gives important and detailed information about risk analysis and cyber risk. The introduction also covers cyber threat preparedness levels and cyber threat tools. These cyber threat tools are described in detail and illustrated with examples. Then, as stated earlier, a total of 9 studies related to the subject were examined. In light of these studies, what other kinds of work could be done in this area, or which other methods and steps could be added to existing work, is noted as a point that future studies could address.


A Review on Cyber Risk Management


Abstract

In this study, important studies on Cyber Risk Management are discussed. The stages, methods and steps these studies include are explained with examples, and the details of the studies are presented. Before these details are presented, important and detailed information about risk analysis and cyber risk is provided in the introduction. In addition, cyber threat preparedness levels and cyber threat tools are mentioned in the introduction. The mentioned cyber threat tools are described in detail. As mentioned earlier, 9 studies related to the subject were examined. In the light of these studies, what other kinds of studies can be done in this area, or what other methods and steps can be added to the current studies, is stated as a point that can be included in future studies.

There are 18 citations in total.

Details

Primary Language English
Subjects Computer Software
Journal Section Articles
Authors

Şükrü Okul 0000-0001-6645-7933

Orhan Muratoğlu

M. Ali Aydın

Hasan Şakir Bilge 0000-0002-4945-0884

Publication Date June 28, 2019
Submission Date December 25, 2018
Published in Issue Year 2019

Cite

APA Okul, Ş., Muratoğlu, O., Aydın, M. A., Bilge, H. Ş. (2019). A Review on Cyber Risk Management. Acta Infologica, 3(1), 34-45. https://doi.org/10.26650/acin.502589
AMA Okul Ş, Muratoğlu O, Aydın MA, Bilge HŞ. A Review on Cyber Risk Management. ACIN. June 2019;3(1):34-45. doi:10.26650/acin.502589
Chicago Okul, Şükrü, Orhan Muratoğlu, M. Ali Aydın, and Hasan Şakir Bilge. “A Review on Cyber Risk Management”. Acta Infologica 3, no. 1 (June 2019): 34-45. https://doi.org/10.26650/acin.502589.
EndNote Okul Ş, Muratoğlu O, Aydın MA, Bilge HŞ (June 1, 2019) A Review on Cyber Risk Management. Acta Infologica 3 1 34–45.
IEEE Ş. Okul, O. Muratoğlu, M. A. Aydın, and H. Ş. Bilge, “A Review on Cyber Risk Management”, ACIN, vol. 3, no. 1, pp. 34–45, 2019, doi: 10.26650/acin.502589.
ISNAD Okul, Şükrü et al. “A Review on Cyber Risk Management”. Acta Infologica 3/1 (June 2019), 34-45. https://doi.org/10.26650/acin.502589.
JAMA Okul Ş, Muratoğlu O, Aydın MA, Bilge HŞ. A Review on Cyber Risk Management. ACIN. 2019;3:34–45.
MLA Okul, Şükrü et al. “A Review on Cyber Risk Management”. Acta Infologica, vol. 3, no. 1, 2019, pp. 34-45, doi:10.26650/acin.502589.
Vancouver Okul Ş, Muratoğlu O, Aydın MA, Bilge HŞ. A Review on Cyber Risk Management. ACIN. 2019;3(1):34-45.