
Miguel Areias – Portugal – RT S3c – Paper ID: 0625

Cyber Security Challenges and Risk Analysis. Miguel Areias, EDP Distribuição. Threat. Vulnerability. Risk. Risk Analysis. Event, actor, or action with potential to harm. Weakness. Operational or Economic.


Presentation Transcript


  1. Cyber Security Challenges and Risk Analysis. Miguel Areias, EDP Distribuição.

  2. Threat, Vulnerability, Risk, Risk Analysis. Event, actor, or action with potential to harm. Weakness. Operational or Economic. Unauthorized access or attempt to a system or resource. A potential security gap in some parts of the infrastructure. Assess and quantify the risk. There is only a risk when a vulnerability exists and can be exploited. Quantifying the risk represents the magnitude of the damage caused by the materialized threat.

  3. Threats, Vulnerability and Risk. Diagram labels: Threat, Vulnerability, Intrusion (Risk of). • Virus Attack • Virus not Updated • Tools not Adequate • People Awareness • Loss of Reputation • Loss of Data • Rework • Stress on People. Not all vulnerabilities need to be addressed. Risk analysis must be done in order to identify the quantity of threats to which each vulnerability is exposed.

  4. Quantitative Risk Measurement. [Risk matrix: Probability (Rare, Unlikely, Possible, Likely, Almost Certain) against Impact (Insignificant, Minor, Moderate, Major, Catastrophic); cells rated Low Risk, Moderate, High Risk or Extreme.] The risk analysis is based on the probability of exploiting a vulnerability and on its effects (exploitation impact). The same vulnerability can be rated differently in different contexts.

  5. System Performance Requirements. In many situations, critical infrastructures are considered isolated and their security is based on obscurity.

  6. Cyber Security Risk Management Framework. Supported by standards, this approach allows us to assess and address security issues in a critical infrastructure, taking into account the criticality, vulnerability and risk to which it is exposed.

  7. Security Life Cycle. Mitigation • Vulnerability Assessment • Internal • External. Threat and Attack Modeling. Prioritize which vulnerabilities must be addressed first. Rank Risk Analysis (quantify the risk). Assessment and risk analysis in order to identify measures to reduce or eliminate its impact.
