A Logical Model for Multi-Sector Cyber Risk Management
Publication Type: Journal Article
Source: Information & Security: An International Journal, Volume 47, Issue 1, p.13-26 (2020)
Keywords: Critical Infrastructure, cyber risk assessment, Cybersecurity, E-MAF, ECHO project, essential services, interdependencies
The increasing reliance on digital infrastructures makes whole sectors of the economy and public services vulnerable to attacks through cyberspace. Some progress has been made in understanding vulnerabilities and ways of reducing cyber risk at the sub-sectoral level. While the sectoral level remains a significant challenge, this study goes further and also addresses, in a consistent logical model, the cyber risk resulting from cross- and multi-sectoral interdependencies. The paper presents the scope of this logical model, outlines the problem of risk assessment, structured around the triplet “Threats – Vulnerabilities – Impact,” and the structuring of risk mitigation around types of risk reduction measures, the objective of decision-making on risk treatment, and the modalities of application. We provide examples of the implementation of the logical model, underlying the ECHO Multi-sector Assessment Framework, and conclude by emphasising the advantages the logical model and the framework provide.