Article | REF: SE2505 V2

Cyber risk management - Risk identification, detection, analysis, treatment and transfer

Authors: Nicolas DUFOUR, Matthieu BARRIER

Publication date: September 10, 2022

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

Français

3. Cyber risk analysis

This section uses case studies to address the specific challenges of cyber risk analysis.

Detecting cyber risk and taking into account the severity of an intrusion involves defining several items: the intrinsic severity of an intrusion, the probability of being exposed to the risk and of detecting it.

3.1 Defining a severity level

In terms of risk analysis, information systems security involves defining a scale of severity for each type of incident.

The example in table 5 is a severity scale used by a company in the industrial sector, defining the level of compromise of assets and systems by level of impact in the event of an intrusion....

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
Cyber risk analysis

Previous
page Detecting cyber risks

Cybersecurity players

Bibliography

(1) - BARR (A.), RAIMBAULT (C.A.) - Risques émergents, un pilotage stratégique. - Economica (2010).
(2) - DARSA (J.-D.), DUFOUR (N.) - Le coût du risque, un enjeu majeur pour l'entreprise. - Dd. Gereso (2014)....

Websites

Hack this site http://www.hackthissite.org

Newbie Contest http://www.newbiecontest.org

ANSSI (French National Agency for Information Systems Security) https://www.ssi.gouv.fr/

...

Standards and norms

Information Technology – Safety technology – Information security management systems – Requirements - ISO/IEC 27001:2013 - 2013
Information Technology – Safety technology – Code of practice for information security management - ISO/IEC 27002:2013 - 2013

Regulations

Law no. 2013-1168 of December 18, 2013 on military programming for the years 2014 to 2019 and on various provisions concerning defense and national security

Regulation No. 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

Outline
Full outline