Cyber defense
Download 2.54 Mb. View original pdf
|
- Navigate this page:
- FIGURE 9. CYBER RISK FIGURE 8. SUBMARINE CABLE MAP BY TELEGEOGRAPHY
| CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR 24 Cyber risk 075. Risk management is basic in cyber defense and is apart, intentionally or involuntarily, of all the phases of a decision-making process. A decision, inmost cases, is the result of the comparison of risks associated with the different feasible options. 076. Cyber risk is the probability that a cyber threat will indeed exploit a vulnerability to cause an impact damage) to an asset that has a specific value and criticality. In short, it is an indicator obtained from two factors probability and impact. 077. The probability of sustaining a cyber attack is higher as the threat capability and its interest in the potential victim’s assets increase. 078. The probability of sustaining a cyber attack is higher as the number of the targets vulnerabilities increases, since the threat’s activity becomes easier and more profitable. 079. The impact is higher as the value of the attacked assets–for the organization–increases. 080. The impact is higher as the criticality of the attacked assets increases. That is, when other important assets for the organization depend on the attacked assets. FIGURE 9. CYBER RISK FIGURE 8. SUBMARINE CABLE MAP BY TELEGEOGRAPHY GUÍA DE CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR 25 In the context of cyber defense, the risk to consider, above all, is the risk to the mission due to cyber threats. In other words, how a successful cyber threat materialization can jeopardize the mission. 082. It is necessary to minimize the risks of the cyberspace components when their operation is essential for mission accomplishment. These are the components of the cyber key terrain list. 083. Cyber risk is managed through a seven-phase systematic process. Identify and prioritize the CKT components according to their potential impact on the mission in case their operation is impaired. Identify and evaluate the vulnerabilities of the CKT components. Identify the potential cyber threats that can jeopardize the mission and assess their capability. Identify the assets of highest interest to the threat, either because they are valuable or useful to the threat or because they are those with the highest impact on the organization, which is the threat’s goal. Identify the risks by carrying out a methodological analysis using a specialized tool and methodology (MAGERIT Download 2.54 Mb. Share with your friends:
|