A Web Platform for Integrated Vulnerability Assessment and Cyber Risk Management

Cyber risk management is an important problem for every company connected to the internet. Usually, risk management is carried out through Risk Analysis alone, without connecting it to Vulnerability Assessment, and relies on external and expensive tools. In this paper we present CYber Risk Vulnerability Management (CYRVM), a custom-made software platform devised to simplify and improve automation and continuity in cyber security assessment. CYRVM's main novelties are the combination, in a single and easy-to-use Web-based software platform, of an online Vulnerability Assessment tool within a Risk Analysis framework following the NIST 800-30 Risk Management guidelines, and the integration of predictive solutions able to suggest the risk rating and classification to the user.
