Siber Risk Yönetimi Üzerine Bir İnceleme

Öz

      Bu çalışmada Siber Risk Yönetimi ile ilgili yapılmış önemli çalışmalar aktarılmaktadır. Bu çalışmaların içeriğinde hangi aşamalara, yöntemlere ve adımlara yer verdikleri örneklerle açıklanmakta ve yapılan çalışmalarla ilgili detaylar sunulmaktadır. Bu detaylar sunulmadan önce giriş kısmında risk analizinden ve siber risk ile ilgili önemli ve detaylı bilgiler verilmektedir. Ayrıca yine giriş bölümünde siber tehdit hazırlık seviyelerinden ve siber tehdit araçlarından bahsedilmektedir. Bahsedilen siber tehdit araçları detaylıca anlatılarak örneklenmektedir.  Sonrasında daha öncede belirttiğimiz gibi toplamda konu ile alakalı 9 çalışma incelenmiştir. Bu çalışmalar ışığında bu alanda başka ne tür çalışmalar yapılabileceği veya mevcut çalışmalara başka hangi yöntem ve adımlar eklenebileceği de ileriki çalışmalarda yer verilebilecek bir nokta olarak da belirtilmiştir.

Anahtar Kelimeler

• Siber Güvenlik,Siber Risk,Siber Risk Yönetimi

A Review on Cyber Risk Management

Öz

    In this study, important studies on Cyber Risk Management are discussed. The stages of these studies are explained with examples of the steps, methods and steps they take and the details of the studies are presented. Before these details are presented, important and detailed information about risk analysis and cyber risk is provided in the introduction. In addition, cyber threat preparednessation levels and cyber threat tools are mentioned in the introduction. The mentioned cyber threat tools are described in detail. As mentioned earlier, 9 studies related to the subject were examined. In the light of these studies, it is stated that what kind of studies can be done in this area or what other methods and steps can be added to the current studies as a point that can be included in future studies.

Anahtar Kelimeler

• Cyber Security,Cyber Risk,Cyber Risk Management

Kaynakça

1. Altundal Ömer F., “DDoS nedir, ne değildir?”, http://www.siberguvenlik.org.tr/makaleler/ddos-nedir-ne-degildir/, August 2012
2. Bodreu Deborah J., Graubart Richard, Fabius-Greene Jennifer,” Improving Cyber Security and Mission Assurance Via Cyber Preparedness (Cyber Prep) Levels”, 2010 IEEE Second International Conference on Social Computing (SocialCom), August 2010 ,( 1147 – 1152).Byres E, Franz M, Miller D. The use of attack trees in assessing vulnerabilities in SCADA systems. Proceedings of the international infrastructure survivability workshop, 2004
3. Choo Kim-Kwang Raymond , “The cyber threat landscape: Challenges and future research directions”, Computers and Security, November 2011, (719-731)Çitil Ferhat, “HTML Injection Tehlikesi”, http://www.cybersecurity.org.tr/Madde/220/HTML-Injection-Tehlikesi- ,2009
4. Dwen-Ren Tsai; Chang A.Y., Peichi Liu, Hsuan-Chang Chen, “Optimum Tuning of Defense Settings for Common Attacks on the Web Applications”, Security Technology, 2009. 43rd Annual 2009 International Carnahan Conference on ,January 2009, (89 – 94)
5. Gertman D, Folkers R, Roberts J. Scenario-based approach to risk analysis in support of cyber security. Proceedings of the 5th international topical meeting on nuclear plant instrumentation controls, and human machine interface technology, 2006
6. Haimes YY, Horowitz BM. Adaptive two-player hierarchical holographic modeling game for counterterrorism intelligence analysis. J Homel Secur Emerg Manag 2004;1(3):121
7. Henry M, Haimes Y. A comprehensive network security risk model for process control networks. Risk Anal 2009;29(2):223248.Jumratjaroenvanit A. , Teng-amnuay Y., ” Probability of Attack Based on System Vulnerability Life Cycle”, Electronic Commerce and Security, 2008 International Symposium on, August 2008, (531 – 535)
8. In Hoh Peter, Kim Young-Gab, Lee Taek, Moon Chang-Joo, Jung Yoonjung, Kim Injung, “A Security Risk Analysis Model for Information Systems”, http://www.luisolis.com/seminario2011/papers/A Security Risk Analysis Model for Information Systems.pdf, 2011

9. Internet World Stats, www.internetworldstats.com/stats.htm, June 30, 2018
10. LeMay E, Unkenholz W, Parks D, Muehrcke C, Keefe K, Sanders WH. Adversary-driven state-based system security evaluation. In: Proceedings of the 6th international workshop on security measurements and metrics. ACM; 2010. p. 5
11. LeMay E, Ford M, Keefe K, Sanders W, Muehrcke C. Model-based security metrics using adversary view security evaluation (advise). In: 2011 eighth international conference on quantitative evaluation of systems (QEST). IEEE; 2011. p. 191– 200
12. Mass Soldal Lund, Bjørnar Solhaug & Ketil Stølen (2011): Model-Driven Risk Analysis: The CORAS Approach, 1st edition.McQueen M, Boyer W, Flynn M, Beitel G. A quantitative cyber risk reduction estimation methodology for a Small SCADA control system. In: Proceedings of the 39th annual Hawaii international conference on system sciences. ACM; 2006
13. Patel S, Graham J, Ralston P. Quantitatively assessing the vulnerability of critical information systems: a new method for evaluating security enhancements. Int J Inf Manage 2008;28(6):483–91
14. Permann MR, Rohde K. Cyber assessment methods for SCADA security. 15th annual joint ISA POWID/EPRI controls and instrumentation conference, Nashville, TN, 2005
15. Salinas MH. Combining multiple perspectives in the specification of a security assessment methodology [Ph.D. thesis], University of Virginia, 2003
16. Song J, Lee J, Lee C, Kwon K, Lee D. A cyber security risk assessment for the design of I&C Systems in nuclear power plants. Nucl Eng Technol 2012;44(8):919–28
17. Ten C-W, Manimaran G, Liu C-C. Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans Syst Man Cybern A Syst Hum 2010;40(4):853–65
18. Wills David Barnard, Ashenden Debi, “Securing Virtual Space: Cyber War, Cyber Terror, and Risk” ,Space and Culture, May 2012, (110-123)