A Proposed: Integration of the Monte Carlo model and the Bayes network to Propose Cyber Security Risk Assessment Tool for Small and Medium Enterprises in South Africa (original) (raw)
Related papers
Proceedings of the 18th International Conference on Cyber Warfare and Security , 2023
Human factors such as planned and unplanned cyber-attacks are a serious threat to any institution. The presence of planned and unplanned actions exposes the state of cybersecurity within the small business sector-leaving them vulnerable to a range of cyber-risks. This study used AgenaRisk package with Bayesian Network (BN) tools to illustrate the likelihood of risk in planned and unplanned attacks. Adopting the package demonstrates the dependent and independent variables of the human factors, which are planned and unplanned, with their relationships resulting in the ultimate data breach. The work also combined qualitative research with quantitative risk analysis techniques to determine the risk likelihood of the planned activities and unplanned employee actions and their behaviors influencing data breaches. The work used the judgemental sampling method to select twenty-five (25) research participants who are business owners, and Information Technology (IT) managers. An online survey was used to collect data from the selected research participants. Results were analysed using content analysis, and interpreted using the package with BN tools, and risk analysis techniques. The results were further discussed, and the study concluded with the remarks and future developments.
Oriental Journal of Computer Science and Technology, 2019
The purpose of this research was to develop a structure for a network intrusion detection and prevention system based on the Bayesian Network for use in Cybersecurity. The phenomenal growth in the use of internet-based technologies has resulted in complexities in cybersecurity subjecting organizations to cyberattacks. What is required is a network intrusion detection and prevention system based on the Bayesian Network structure for use in Cybersecurity. Bayesian Networks (BNs) are defined as graphical probabilistic models for multivariate analysis and are directed acyclic graphs that have an associated probability distribution function. The research determined the cybersecurity framework appropriate for a developing nation; evaluated network detection and prevention systems that use Artificial Intelligence paradigms such as finite automata, neural networks, genetic algorithms, fuzzy logic, support-vector machines or diverse data-mining-based approaches; analysed Bayesian Networks that can be represented as graphical models and are directional to represent cause-effect relationships; and developed a Bayesian Network model that can handle complexity in cybersecurity. The theoretical framework on Bayesian Networks was largely informed by the NIST Cybersecurity Framework, General deterrence theory, Game theory, Complexity theory and data mining techniques. The Pragmatism paradigm used in this research, as a philosophy is intricately related to the Mixed Method Research (MMR). A mixed method approach was used in this research, which is largely quantitative with the research design being a survey and an experiment, but supported by qualitative approaches where Focus Group discussions were held. The performance of Support Vector Machines, Artificial Neural Network, K-Nearest Neighbour, Naive-Bayes and Decision Tree Algorithms was discussed. Alternative improved solutions discussed include the use of machine learning algorithms specifically Artificial Neural Networks (ANN), Decision Tree C4.5, Random Forests and Support Vector Machines (SVM).
Predicting Cybersecurity Risk - A Methodology for Assessments
ARIS2 - Advanced Research on Information Systems Security
Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis.However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations.There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity, a model that intends to evaluate the methodological aspects of an organization and indicates the apparent gaps that can negatively impact the futu...
Bayesian Network Model for a Zimbabwean Cybersecurity System
Oriental journal of computer science and technology, 2020
The purpose of this research was to develop a structure for a network intrusion detection and prevention system based on the Bayesian Network for use in Cybersecurity. The phenomenal growth in the use of internet-based technologies has resulted in complexities in cybersecurity subjecting organizations to cyberattacks. What is required is a network intrusion detection and prevention system based on the Bayesian Network structure for use in Cybersecurity. Bayesian Networks (BNs) are defined as graphical probabilistic models for multivariate analysis and are directed acyclic graphs that have an associated probability distribution function. The research determined the cybersecurity framework appropriate for a developing nation; evaluated network detection and prevention systems that use Artificial Intelligence paradigms such as finite automata, neural networks, genetic algorithms, fuzzy logic, support-vector machines or diverse data-mining-based approaches; analysed Bayesian Networks th...
Risk Analysis, 2023
The role played by information and communication technologies in today's businesses cannot be underestimated. While such technological advancements provide numerous advantages and opportunities, they are known to thread organizations with new challenges such as cyberattacks. This is particularly important for small and medium-sized enterprises (SMEs) that are deemed to be the least mature and highly vulnerable to cybersecurity risks. Thus, this research is set to assess the cyber risks in online retailing SMEs (e-tailing SMEs). Therefore, this article employs a sample of 124 small etailers in the United Kingdom and takes advantage of a multi-criteria decision analysis (MCDA) method. Indeed, we identified a total number of 28 identified cyber-oriented risks in five exhaustive themes of "security," "dependency," "employee," "strategic," and "legal" risks. Subsequently, an integrated approach using step-wise weight assessment ratio analysis (SWARA) and best-worst method (BWM) has been employed to develop a pathway of risk assessment. As such, the current study outlines a novel approach toward cybersecurity risk management for e-tailing SMEs and discusses its effectiveness and contributions to the cyber risk management literature.
A Review : Cyber Security and Risk Assessment
International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 2023
The current state of cloud computing security risk assessment is reviewed in this study. The quantitative security risk assessment models created for or used specifically in the context of a cloud computing system are selected, and a detailed analysis is done of them. Engineers and management need to be aware of these issues and have access to the data they need. This broad introduction of cyber security and risk assessment, which also includes a thorough examination of the literature to date, covers the important commercial and governmental bodies active in this subject. References are given to provide further details on the key issues related to the approaches for risk assessment. In terms of goal, the stages of risk management handled, important risk management concepts covered, and sources of probabilistic data, we assess and then analyse existing models. Based on the study, this work also suggest comparing these models to identify the weaknesses and strengths of each one.
This paper sought to create a cybersecurity risk management framework tailored to the needs and limitations of SMEs in Kabankalan City, Philippines, with the goal of enhancing their overall security resilience. The study delved into prominent cybersecurity standards and academic literature to identify best practices that are particularly relevant for resource-constrained SMEs. These were then synthesized into a modular framework specifically customized for Kabankalan City. The paper found that widely recognized standards like NIST CSF and ISO 27001 are overly complex and resource-intensive for smaller businesses to adopt effectively. However, research has validated the effectiveness of various elements that can strengthen SME Cyber protections in a streamlined and affordable manner. The formulated five-module risk management framework encompasses identification, analysis, control, monitoring, and incident response activities. This model blends globally validated practices with localization considerations for regional infrastructure and skill application. To maximize awareness and sustainable adoption across Kabankalan City, collaborative oversight and continuous upgrades are strongly advised. The framework serves as a template for subsequent province-wide validation and national policy development.
In recent decades, information has become a critical asset to various organizations, hence identifying and preventing the loss of information are becoming competitive advantages for firms. Many international standards have been developed to help organizations to maintain their competitiveness by applying risk assessment and information security management system and keep risk level as low as possible. This study aims to propose a new quantitative risk analysis and assessment methodology which is based on AHP and Monte Carlo simulation. In this method, AHP is used to create favorable weights for Confidentiality, Integrity and Availability (CIA) as security characteristic of any information asset. To deal with the uncertain nature of vulnerabilities and threats, Monte Carlo simulation is utilized to handle the stochastic nature of risk assessment by taking into account multiple judges' opinions. The proposed methodology is suitable for organizations that require risk analysis to implement ISO/IEC 27001 standard.