Cargando…
Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment
Cloud computing adoption has been increasing rapidly amid COVID-19 as organisations accelerate the implementation of their digital strategies. Most models adopt traditional dynamic risk assessment, which does not adequately quantify or monetise risks to enable business-appropriate decision-making. I...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Springer Berlin Heidelberg
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10188321/ https://www.ncbi.nlm.nih.gov/pubmed/37220560 http://dx.doi.org/10.1186/s13677-023-00454-2 |
| _version_ | 1785042887507968000 |
|---|---|
| author | Behbehani, Dawood Komninos, Nikos Al-Begain, Khalid Rajarajan, Muttukrishnan |
| author_facet | Behbehani, Dawood Komninos, Nikos Al-Begain, Khalid Rajarajan, Muttukrishnan |
| author_sort | Behbehani, Dawood |
| collection | PubMed |
| description | Cloud computing adoption has been increasing rapidly amid COVID-19 as organisations accelerate the implementation of their digital strategies. Most models adopt traditional dynamic risk assessment, which does not adequately quantify or monetise risks to enable business-appropriate decision-making. In view of this challenge, a new model is proposed in this paper for assignment of monetary losses terms to the consequences nodes, thereby enabling experts to understand better the financial risks of any consequence. The proposed model is named Cloud Enterprise Dynamic Risk Assessment (CEDRA) model that uses CVSS, threat intelligence feeds and information about exploitation availability in the wild using dynamic Bayesian networks to predict vulnerability exploitations and financial losses. A case study of a scenario based on the Capital One breach attack was conducted to demonstrate experimentally the applicability of the model proposed in this paper. The methods presented in this study has improved vulnerability and financial losses prediction. |
| format | Online Article Text |
| id | pubmed-10188321 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | Springer Berlin Heidelberg |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-101883212023-05-19 Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment Behbehani, Dawood Komninos, Nikos Al-Begain, Khalid Rajarajan, Muttukrishnan J Cloud Comput (Heidelb) Research Cloud computing adoption has been increasing rapidly amid COVID-19 as organisations accelerate the implementation of their digital strategies. Most models adopt traditional dynamic risk assessment, which does not adequately quantify or monetise risks to enable business-appropriate decision-making. In view of this challenge, a new model is proposed in this paper for assignment of monetary losses terms to the consequences nodes, thereby enabling experts to understand better the financial risks of any consequence. The proposed model is named Cloud Enterprise Dynamic Risk Assessment (CEDRA) model that uses CVSS, threat intelligence feeds and information about exploitation availability in the wild using dynamic Bayesian networks to predict vulnerability exploitations and financial losses. A case study of a scenario based on the Capital One breach attack was conducted to demonstrate experimentally the applicability of the model proposed in this paper. The methods presented in this study has improved vulnerability and financial losses prediction. Springer Berlin Heidelberg 2023-05-17 2023 /pmc/articles/PMC10188321/ /pubmed/37220560 http://dx.doi.org/10.1186/s13677-023-00454-2 Text en © The Author(s) 2023 https://creativecommons.org/licenses/by/4.0/Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ (https://creativecommons.org/licenses/by/4.0/) . |
| spellingShingle | Research Behbehani, Dawood Komninos, Nikos Al-Begain, Khalid Rajarajan, Muttukrishnan Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment |
| title | Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment |
| title_full | Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment |
| title_fullStr | Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment |
| title_full_unstemmed | Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment |
| title_short | Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment |
| title_sort | cloud enterprise dynamic risk assessment (cedra): a dynamic risk assessment using dynamic bayesian networks for cloud environment |
| topic | Research |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10188321/ https://www.ncbi.nlm.nih.gov/pubmed/37220560 http://dx.doi.org/10.1186/s13677-023-00454-2 |
| work_keys_str_mv | AT behbehanidawood cloudenterprisedynamicriskassessmentcedraadynamicriskassessmentusingdynamicbayesiannetworksforcloudenvironment AT komninosnikos cloudenterprisedynamicriskassessmentcedraadynamicriskassessmentusingdynamicbayesiannetworksforcloudenvironment AT albegainkhalid cloudenterprisedynamicriskassessmentcedraadynamicriskassessmentusingdynamicbayesiannetworksforcloudenvironment AT rajarajanmuttukrishnan cloudenterprisedynamicriskassessmentcedraadynamicriskassessmentusingdynamicbayesiannetworksforcloudenvironment |