Πλοήγηση ανά Συγγραφέας "Papacharoucha, Dimitra"
Τώρα δείχνει 1 - 1 of 1
Αποτελέσματα ανά σελίδα
Επιλογές ταξινόμησης
Τεκμήριο Towards a cybersecurity risk assessment procedure incorporating human vulnerabilities(ΕΛΜΕΠΑ, Σχολή Μηχανικών (ΣΜΗΧ), ΠΜΣ Μηχανικών Πληροφορικής, 2025-02-26) Papacharoucha, Dimitra; Παπατσαρούχα, Δήμητρα; Markakis, Evangelos; Μαρκάκης, ΕυάγγελοςIn cybersecurity, risk assessment models investigate the possibility of a system experiencing various cyberattack scenarios, as well as the impact these scenarios may have if they are realized. As a result of the evaluation, a risk level or score is determined, and the insight gained aids in the development of effective mitigation strategies. Risk assessment in cybersecurity often refers to the assessment of digital assets and their technical vulnerabilities. Recently, the need for shifting the attention towards human factor vulnerabilities and including them in holistic risk assessment processes has become a demand in the realm of cybersecurity, since they are more often than not the focus of cyber criminals, as opposed to exploiting the flaws of machines. Human vulnerabilities include not only factors affecting susceptibility to cyber threats, rather any aspect of human factors that may – intentionally or unintentionally – pose a serious threat to the security and integrity of computer systems and data. Currently, there are several approaches towards human vulnerability assessment; nonetheless, some major factors are yet to be included in the assessment process, such as the likelihood of a legitimate user behaving deliberately as an insider threat (e.g., level of maliciousness). The level of a user’s maliciousness may not be a vulnerability for the user per se; however, it is considered a vulnerability for the environment in which the malicious user operates. Furthermore, human vulnerability assessment is still neglected from many frameworks aiming to assess the cybersecurity capacity or risk level of an environment. Through an extensive review of related literature and drawing inspiration from current vulnerability and risk assessment methodologies, this thesis aims to design and propose two frameworks: a Human Vulnerability Assessment (HVA) Framework that will offer a continuous and multi-factor end-user vulnerability assessment, in which maliciousness assessment will also be included; a Holistic Cybersecurity Risk Assessment (HCRA) Framework that will consider both technical and human vulnerabilities in the risk assessment and calculation process. The two proposed frameworks are evaluated against a realistic use-case that reflects the holistic cybersecurity risk assessment of an organization comprising two departments and several digital assets and their human operators.