Open AccessMILITARY-BASED CYBER RISK ASSESSMENT FRAMEWORK FOR SUPPORTING CYBER WARFARE IN THAILAND
Author(s) -
Aniwat Hemanidhi,
Sa Chimmanee
Publication year - 2017
Publication title -
journal of ict
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.217
H-Index - 10
eISSN - 2180-3862
pISSN - 1675-414X
DOI - 10.32890/jict2017.16.2.8229
Subject(s) - risk assessment , vulnerability assessment , vulnerability (computing) , risk management , computer security , it risk management , risk analysis (engineering) , cyberwarfare , nist , work (physics) , cyberspace , computer science , engineering , business , the internet , mechanical engineering , psychology , finance , psychological resilience , natural language processing , world wide web , psychotherapist
Information Technology (IT) Risk Management is designed to confirm the sufficiency of information security. There are many risk management/assessment standards, e.g. IS0 27005:2011 and NIST SP 800-30rev1, which are mainly designed for general organizations such as governments or businesses. Cyber risk assessment focused on military strategy has been rarely studied. Hence, this paper presents an innovative cyber risk assessment conceptual framework named “Cyber Risk Assessment (CRA)” which is extended from previous work with Military Risk Evaluation (MRE). This proposed CRA is the collection and integration of both quantitative and qualitative data. The Vulnerability Detection (VD) tools in Network Risk Evaluation (the previous studies) were used for the quantitative data collection and the focus group in the MRE (the proposed method) was used to collect qualitative data, which enhance the general risk assessment standard to achieve the objective of the research. The complexity of cyberspace domains with a military perspective is thoughtfully contemplated into the cyber risk assessment for national cyber security. Results of the proposed framework enable the possibility of cyber risk evaluation into score for national cyber security planning.