TY - JOUR
T1 - A Review on Cyber Risk Management
TT - Siber Risk Yönetimi Üzerine Bir İnceleme
AU - Okul, Şükrü
AU - Muratoğlu, Orhan
AU - Aydın, M. Ali
AU - Bilge, Hasan Şakir
PY - 2019
DA - June
DO - 10.26650/acin.502589
JF - Acta Infologica
JO - ACIN
PB - İstanbul Üniversitesi
WT - DergiPark
SN - 2602-3563
SP - 34
EP - 45
VL - 3
IS - 1
LA - en
AB - In this study, important studies on Cyber Risk Management are discussed. The stages, methods and steps covered in these studies are explained with examples, and the details of the studies are presented. Before these details are presented, important and detailed information about risk analysis and cyber risk is provided in the introduction. In addition, cyber threat preparedness levels and cyber threat tools are mentioned in the introduction. The mentioned cyber threat tools are described in detail. As mentioned earlier, 9 studies related to the subject were examined. In the light of these studies, the kinds of further studies that can be done in this area, and the other methods and steps that can be added to the current studies, are stated as points that can be included in future studies.
KW - Cyber Security
KW - Cyber Risk
KW - Cyber Risk Management
N2 - This study presents important studies carried out on Cyber Risk Management. The stages, methods and steps these studies cover are explained with examples, and details of the studies are presented. Before these details are presented, the introduction gives important and detailed information about risk analysis and cyber risk. The introduction also covers cyber threat preparedness levels and cyber threat tools. The cyber threat tools mentioned are described in detail and illustrated with examples. Then, as noted earlier, a total of 9 studies related to the subject were examined. In the light of these studies, the kinds of other studies that could be done in this area, and the other methods and steps that could be added to existing studies, are also noted as a point that future studies could address.
CR - Altundal Ömer F., “DDoS nedir, ne değildir?”, http://www.siberguvenlik.org.tr/makaleler/ddos-nedir-ne-degildir/, August 2012
CR - Bodreu Deborah J., Graubart Richard, Fabius-Greene Jennifer, “Improving Cyber Security and Mission Assurance Via Cyber Preparedness (Cyber Prep) Levels”, 2010 IEEE Second International Conference on Social Computing (SocialCom), August 2010, (1147 – 1152)
CR - Byres E, Franz M, Miller D. The use of attack trees in assessing vulnerabilities in SCADA systems. Proceedings of the international infrastructure survivability workshop, 2004
CR - Choo Kim-Kwang Raymond, “The cyber threat landscape: Challenges and future research directions”, Computers and Security, November 2011, (719-731)
CR - Çitil Ferhat, “HTML Injection Tehlikesi”, http://www.cybersecurity.org.tr/Madde/220/HTML-Injection-Tehlikesi-, 2009
CR - Dwen-Ren Tsai, Chang A.Y., Peichi Liu, Hsuan-Chang Chen, “Optimum Tuning of Defense Settings for Common Attacks on the Web Applications”, Security Technology, 2009. 43rd Annual 2009 International Carnahan Conference on, January 2009, (89 – 94)
CR - Gertman D, Folkers R, Roberts J. Scenario-based approach to risk analysis in support of cyber security. Proceedings of the 5th international topical meeting on nuclear plant instrumentation controls, and human machine interface technology, 2006
CR - Haimes YY, Horowitz BM. Adaptive two-player hierarchical holographic modeling game for counterterrorism intelligence analysis. J Homel Secur Emerg Manag 2004;1(3):121
CR - Henry M, Haimes Y. A comprehensive network security risk model for process control networks. Risk Anal 2009;29(2):223248
CR - Jumratjaroenvanit A., Teng-amnuay Y., “Probability of Attack Based on System Vulnerability Life Cycle”, Electronic Commerce and Security, 2008 International Symposium on, August 2008, (531 – 535)
CR - In Hoh Peter, Kim Young-Gab, Lee Taek, Moon Chang-Joo, Jung Yoonjung, Kim Injung, “A Security Risk Analysis Model for Information Systems”, http://www.luisolis.com/seminario2011/papers/A Security Risk Analysis Model for Information Systems.pdf, 2011
CR - Internet World Stats, www.internetworldstats.com/stats.htm, June 30, 2018
CR - LeMay E, Unkenholz W, Parks D, Muehrcke C, Keefe K, Sanders WH. Adversary-driven state-based system security evaluation. In: Proceedings of the 6th international workshop on security measurements and metrics. ACM; 2010. p. 5
CR - LeMay E, Ford M, Keefe K, Sanders W, Muehrcke C. Model-based security metrics using adversary view security evaluation (advise). In: 2011 eighth international conference on quantitative evaluation of systems (QEST). IEEE; 2011. p. 191–200
CR - Mass Soldal Lund, Bjørnar Solhaug & Ketil Stølen (2011): Model-Driven Risk Analysis: The CORAS Approach, 1st edition
CR - McQueen M, Boyer W, Flynn M, Beitel G. A quantitative cyber risk reduction estimation methodology for a Small SCADA control system. In: Proceedings of the 39th annual Hawaii international conference on system sciences. ACM; 2006
CR - Patel S, Graham J, Ralston P. Quantitatively assessing the vulnerability of critical information systems: a new method for evaluating security enhancements. Int J Inf Manage 2008;28(6):483–91
CR - Permann MR, Rohde K. Cyber assessment methods for SCADA security. 15th annual joint ISA POWID/EPRI controls and instrumentation conference, Nashville, TN, 2005
CR - Salinas MH. Combining multiple perspectives in the specification of a security assessment methodology [Ph.D. thesis], University of Virginia, 2003
CR - Song J, Lee J, Lee C, Kwon K, Lee D. A cyber security risk assessment for the design of I&C Systems in nuclear power plants. Nucl Eng Technol 2012;44(8):919–28
CR - Ten C-W, Manimaran G, Liu C-C. Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans Syst Man Cybern A Syst Hum 2010;40(4):853–65
CR - Wills David Barnard, Ashenden Debi, “Securing Virtual Space: Cyber War, Cyber Terror, and Risk”, Space and Culture, May 2012, (110-123)
UR - https://doi.org/10.26650/acin.502589
L1 - http://dergipark.org.tr/tr/download/article-file/745836
ER -