Cyber defense



Download 2.54 Mb.
View original pdf
Page13/85
Date09.12.2022
Size2.54 Mb.
#60094
1   ...   9   10   11   12   13   14   15   16   ...   85
Cyber Defense Handbook
CIBERDEFENSA
ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR
24
Cyber risk
075.
Risk management is basic in cyber defense and is apart, intentionally or involuntarily, of all the phases of a decision-making process. A decision, inmost cases, is the result of the comparison of risks associated with the different feasible options.
076.
Cyber risk is the probability that a cyber threat will indeed exploit a vulnerability to cause an impact damage) to an asset that has a specific value and criticality. In short, it is an indicator obtained from two factors probability and impact.
077.
The probability of sustaining a cyber attack is higher as the threat capability and its interest in the potential victim’s assets increase.
078.
The probability of sustaining a cyber attack is higher as the number of the targets vulnerabilities increases, since the threat’s activity becomes easier and more profitable.
079.
The impact is higher as the value of the attacked assets–for the organization–increases.
080.
The impact is higher as the criticality of the attacked assets increases. That is, when other important assets for the organization depend on the attacked assets.
FIGURE 9.
CYBER RISK
FIGURE 8.
SUBMARINE CABLE MAP BY TELEGEOGRAPHY


GUÍA DE
CIBERDEFENSA
ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR
25 In the context of cyber defense, the risk to consider, above all, is the risk to the mission due to cyber threats. In other words, how a successful cyber threat materialization can jeopardize the mission.
082.
It is necessary to minimize the risks of the cyberspace components when their operation is essential for mission accomplishment. These are the components of the cyber key terrain list.
083.
Cyber risk is managed through a seven-phase systematic process. Identify and prioritize the CKT components according to their potential impact on the mission in case their operation is impaired. Identify and evaluate the vulnerabilities of the
CKT components. Identify the potential cyber threats that can jeopardize the mission and assess their capability. Identify the assets of highest interest to the threat, either because they are valuable or useful to the threat or because they are those with the highest impact on the organization, which is the threat’s goal. Identify the risks by carrying out a methodological analysis using a specialized tool and methodology (MAGERIT

Download 2.54 Mb.

Share with your friends:
1   ...   9   10   11   12   13   14   15   16   ...   85




The database is protected by copyright ©ininet.org 2024
send message

    Main page