Multi-sector Risk Management Framework for Analysis Cybersecurity Challenges and Opportunities

  • Conference paper
Multimedia Communications, Services and Security (MCSS 2022)

Abstract

This paper describes an approach to analysing transversal and inter-sectoral cybersecurity challenges and opportunities: a dedicated risk assessment and management framework that can be used to develop cybersecurity technology roadmaps. This multi-sector assessment framework can prioritise and evaluate cybersecurity risks in trans-sectoral and inter-sectoral contexts, and it supports proper resource allocation and mitigation actions. To achieve this goal, known risk management and risk assessment frameworks were analysed, and the results are presented in this paper. An overview of transversal, inter-sectoral and multi-sectoral technological challenges and opportunities is also provided. The result of this analysis is the architecture of the ECHO Multi-sector Assessment Framework, which is described in detail; the identified and analysed transversal aspects, multi-sector dependencies, and technological challenges and opportunities determine the input data for the framework. The solution is applicable in many sectors, such as energy, healthcare, maritime transportation, or defence, and it can also be extended to others. The proposed architecture of the framework supports the design of a cybersecurity technology roadmap and the definition of governance models.

Acknowledgements

This work has been partially funded by the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no. 830943, the ECHO project and partially by the European Union’s Horizon 2020 Research and Innovation Program under Grant Agreement no. 830927, the CONCORDIA project.

The authors would like to thank all our colleagues involved in WP2 of ECHO project who contributed to deliverables D2.1, D2.2, D2.3, D2.4, and D2.5.

Author information

Corresponding author

Correspondence to Marcin Niemiec.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Niemiec, M., Pappalardo, S.M., Bozhilova, M., Stoianov, N., Dziech, A., Stiller, B. (2022). Multi-sector Risk Management Framework for Analysis Cybersecurity Challenges and Opportunities. In: Dziech, A., Mees, W., Niemiec, M. (eds) Multimedia Communications, Services and Security. MCSS 2022. Communications in Computer and Information Science, vol 1689. Springer, Cham. https://doi.org/10.1007/978-3-031-20215-5_5

  • DOI: https://doi.org/10.1007/978-3-031-20215-5_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20214-8

  • Online ISBN: 978-3-031-20215-5

  • eBook Packages: Computer Science, Computer Science (R0)
