Covid Best Practices for Cyber Risk Management

2021 ◽  
Author(s):  
Syed M. Belal ◽  
MD Abdur Rahman
Keyword(s):  
Risk Management ◽  
Critical Infrastructure ◽  
Industrial Sector ◽  
Remote Access ◽  
Acceptable Level ◽  
Direct Access ◽  
Remote Work ◽  
The Face ◽  
Iec 62443 ◽  
Cyber Risk

Abstract If we learned anything from the year 2020, it is that we need to be more prepared for the unexpected. We need to be working to enable our business to be more resilient in the face of unexpected challenges. We strongly believe that for the industrial sector, the most effective way to enable resiliency is to ensure you have integrity in your operational technology (OT). The objective of this paper is to identify and manage the risk that arose from managing plants remotely. As a result of COVID-19, people started working and managing from home. While this needed to be done to keep businesses running, many risks were introduced as well. How to manage them effectively to reduce cyber risk to an acceptable level will be discussed. Industrial frameworks to identify security gaps, and thus risk, were considered, such as ISA-99/IEC-62443, NIST, ISO-27001, and Top CIS controls. New practices critical infrastructure followed to reduce infection rates were identified from interviews and surveys conducted by PAS, part of Hexagon, of our customers who work with critical infrastructure. These new practices were then compared to the industrial risk management framework to identify the severity of the threats. Once these were identified, mitigation plans were recommended to reduce the risk to an acceptable level. Because of this rapid shift to run the plant remotely, there was an over-provisioning of access in the early stages of the pandemic – i.e., giving more direct access to the industrial control system environment. This was not wise from a security standpoint, but the priority was to keep businesses up and running, so they were ready to take that risk. Now that some organizations have decided to continue with remote work, it is imperative to verify all remote access considers the least privileged access concept. Remote access is like a bridge that bypasses all the controls implemented. Having a remote access vulnerability will help bad actors break into the network and cause catastrophic damage. Though this paper focuses on remote access risk introduced by the COVID-19 pandemic, you can apply the findings to all remote access into critical infrastructure.

scholarly journals Implementing Cybersecurity Measures in Transport Organisation

2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Silvana Tomić Rotim
Keyword(s):  
Risk Assessment ◽  
Risk Management ◽  
Critical Infrastructure ◽  
Acceptable Level ◽  
Transport Infrastructure ◽  
Business Continuity ◽  
Transport Organization ◽  
Risk Treatment ◽  
Risk Management Methodology

The Article describes the phases of implementing the necessary measures according to Cybersecurity Regulation for critical infrastructure and ISO 27032 standard. As a base for identification of the necessary measures in transport organization the risk assessment has been done. The Risk Management Methodology has been described as well as the results of the risk assessment. The main aspects of risk treatment with the most suitable measures for Cyber risks are identified. Also as very important aspect of protecting critical transport infrastructure we have identified the critical services and prepared business continuity plans. The main steps and results in providing the acceptable level of availability and opportunities for continuity are presented and explained.

scholarly journals Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies

Risk Analysis ◽  
2017 ◽  
Vol 38 (2) ◽  
pp. 226-241 ◽  
Author(s):  
M.-Elisabeth Paté-Cornell ◽  
Marshall Kuypers ◽  
Matthew Smith ◽  
Philip Keller
Keyword(s):  
Risk Management ◽  
Risk Analysis ◽  
Case Studies ◽  
Critical Infrastructure ◽  
Analysis Model ◽  
Cyber Risk

scholarly journals Cyber-risk management: identification, prevention, and mitigation techniques

2021 ◽  
Author(s):  
Naveen Kunnathuvalappil Hariharan
Keyword(s):  
Risk Management ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Identity Theft ◽  
Cyber Attacks ◽  
Cyber Terrorism ◽  
Mitigation Techniques ◽  
Cyber Risk ◽  
Careful Management

Cyber-attacks on critical infrastructure, as well as the possibility of cyber-terrorism and even cyberwarfare, pose a threat to societies on a larger scale. Stakeholders are vulnerable to information theft,service disruptions, privacy and identity theft, fraud, espionage and sabotage. This article provides abrief overview of risk management, with a particular emphasis on cyber security and cyber-riskassessment. This article provides an overview of risk management, with a particular emphasis oncyber security detection, prevention, and mitigation techniques. We showed how organizations couldmitigate their cyber risk with careful management.

Cyber Risk. The New Enemy for Risk Management in the Age of Globalisation

2018 ◽  
pp. 135-155 ◽  
Author(s):  
Chiara Crovini ◽  
Giovanni Ossola ◽  
Pier Luigi Marchini
Keyword(s):  
Risk Management ◽  
Cyber Risk

scholarly journals Securing Remote Access to Information Systems of Critical Infrastructure Using Two-Factor Authentication

Electronics ◽  
2021 ◽  
Vol 10 (15) ◽  
pp. 1819
Author(s):  
Rasa Bruzgiene ◽  
Konstantinas Jurgilas
Keyword(s):  
Information Systems ◽  
Identity Management ◽  
Critical Infrastructure ◽  
User Authentication ◽  
Remote Access ◽  
Access To Information ◽  
Digital Space ◽  
Cyber Threats ◽  
The Core ◽  
Common Target

Information systems of critical infrastructure provide services on which the core functions of a state and its economy depend as well as welfare of society. Such systems are becoming an increasingly common target for crimes and attacks in cyberspace, as their vulnerabilities can be exploited for malicious activities seeking financial or political gain. One of the main reasons that threatens the security of these systems is the weak control of remote access, otherwise defined as management of a system’s user identity. Management of user identity depends on user authentication, authorization and the assignment of certain rights in the digital space. This paper provides the proposed two-factor (2FA) digital authentication method for remote access to an information system of a critical infrastructure. Results of testing the method’s usability and resilience to cyber threats have shown that the system, in which the method was implemented, is protected from dangerous HTTP requests and publicly available system’s endpoints are protected from threatening inputs that could cause malicious activities on the critical infrastructure. Additionally, the implementation of the authentication API application ensures the rapidity of the method for less than 500 ms for 100 users working in parallel with the system at the same time.

Disaster Risk Management Plans in Colombia: General Guidelines for Their Development

2021 ◽  
pp. 1-6
Author(s):  
Alejandra María Díaz-Tamayo
Keyword(s):  
Risk Management ◽  
Human Life ◽  
Disaster Risk ◽  
Disaster Risk Management ◽  
Risk Awareness ◽  
Normal Functioning ◽  
Management Plans ◽  
The Face ◽  
Changes In Risk ◽  
Evidence Based Guidelines

Abstract Over the years, Colombia has faced disaster situations that have generated changes in risk management models. These situations have brought suffering, destruction, and loss of human life, but have also served as lessons to develop procedures aimed at minimizing the risks caused by the presence of hazards. The objective of this article is to provide general evidence-based guidelines for formulating disaster risk management plans for each of the 3 action processes: risk awareness, risk reduction, and disaster management in Colombia. These plans can be achieved by preparing responses to different emergencies, which arise from threats in each of the possible scenarios, and are adverse events that alter the normal functioning of entities and communities. The implementation of these prevention strategies will allow communities to respond effectively to emergencies and recover rapidly in the face of adversity.

Cyber-Risk Management

2000 ◽  
Author(s):  
Ty Sagalow ◽  
Carol Siegel ◽  
Paul Serritella
Keyword(s):  
Risk Management ◽  
Cyber Risk

Cyber-Risk Management

2007 ◽  
pp. 339-354
Author(s):  
Carol Siegel ◽  
Ty Sagalow ◽  
Paul Serritella
Keyword(s):  
Risk Management ◽  
Cyber Risk
Sign in / Sign up

Export Citation Format

Share Document