Abordagens de pesquisas de avaliação de riscos cibernéticos: um estudo bibliométrico
DOI:
https://doi.org/10.5585/2023.21072Palavras-chave:
Avaliação de Riscos Cibernéticos, Gerenciamento de Riscos, Segurança da InformaçãoResumo
Diversas abordagens podem ser utilizadas em pesquisas sobre a avaliação de riscos cibernéticos e a falta de padronização e de definição dificulta a aplicação e a organização de conceitos sobre o tema. É com esse argumento que surge a motivação deste estudo: quais são os termos, métodos e tipos de pesquisa utilizados por trabalhos relacionados à avaliação de riscos cibernéticos na literatura científica internacional? Este artigo, a partir de uma metodologia de caráter bibliométrico, busca explorar as abordagens empregadas quanto aos métodos, tipos de pesquisa e termos adotados. O objetivo proposto foi alcançado por meio de análises de conteúdo com o intuito de identificar e quantificar características nas publicações. Foi possível observar um aumento do volume de publicações que utilizam métodos qualitativos/quantitativos a partir de 2013. Para os trabalhos que buscam a melhoria de métodos de avaliação de riscos cibernéticos, 79% destes trabalhos visam aprimorar métodos quantitativos.
Downloads
Referências
Alohali, M., Clarke, N. & Furnell, S. (2018). The design and evaluation of a user-centric information security risk assessment and response framework. International Journal of Advanced Computer Science and Applications, 9 (10), pp. 148-163.
Andronache, A.& Althonayan, A. (2018). Shifting From Information Security Towards A Cybersecurity Paradigm. Disponível em: . Acesso em: 17 jul. 2021.
Beebe, N.L. & Rao, S.V. (2010). Improving organizational information security strategy via meso-level application of situational crime prevention to the risk management process. Communications of the Association for Information Systems, 26 (1), pp. 329-358.
Bhuiyan, T.H., Medal, H.R., Nandi, A.K. & Halappanavar, M. (2021). Risk-averse bi-level stochastic network interdiction model for cyber-security risk management. International Journal of Critical Infrastructure Protection, 32, art. no. 100408.
Bojanc, R. & Jerman-Blažič, B. (2013). A quantitative model for information-security risk management. EMJ - Engineering Management Journal, 25 (2), pp. 25-37.
Bolle, S.R., Hasvold, P., Henriksen, E. (2011). Video calls from lay bystanders to dispatch centers - Risk assessment of information security. BMC Health Services Research, 11, art. no. 244.
Brunner, M., Sauerwein, C., Felderer, M. & Breu, R. (2020). Risk management practices in information security: Exploring the status quo in the DACH region. 2020. Computers and Security, 92, art. no. 101776.
Coronado, A.J. & Wong, T.L. (2014). Healthcare cybersecurity risk management: Keys to an effective plan. Biomedical Instrumentation and Technology, 48, pp. 26-30.
Chaitanya Krishna, B., Subrahmanyam, K. & Kim, T.-H. (2015). A dependency analysis for information security and risk management. International Journal of Security and its Applications, 9 (8), pp. 205-210.
Chen, Y.-T. & Huang, C.-C. (2019). Determining information security threats for an iot-based energy internet by adopting software engineering and risk management approaches. Inventions, 4 (3), art. no. 53.
Fenz, S., Ekelhart, A. & Neubauer, T. (2011). Information security risk management: In which security solutions is it worth investing? Communications of the Association for Information Systems, 28 (1), pp. 329-356.
Fernandes, A. A.& Abreu, V. F. (2012). Implantando a governança de TI: da estratégia à gestão de processos e serviços. 3. ed. Rio de Janeiro: Brasport.
Fielder, A., König, S., Panaousis, E., Schauer, S. & Rass, (2018). S. Risk assessment uncertainties in cybersecurity investments. Games, 9 (2), art. no. 34.
Fontes, E. (2006). Segurança da informação: o usuário faz a diferença. São Paulo: Saraiva.
Fraporti, S. & Barreto, J. (2018). Gerenciamento de riscos. Sagah Educação S.A.
Haji, S., Tan, Q. & Costa, R.S. (2019). A hybrid model for information security risk assessment. International Journal of Advanced Trends in Computer Science and Engineering, 8 (1).
Hashim, N.A., Abidin, Z.Z., Zakaria, N.A.& Ahmad, R., Puvanasvaran, A.P. (2018). Risk assessment method for insider threats in cyber security: A review. International Journal of Advanced Computer Science and Applications, 9 (11), pp. 126-130.
HSC Brasil. Ameaças persistentes avançadas: Como se proteger. 2019.
Disponível em: https://www.hscbrasil.com.br/ameacas-persistentes-avancadas/. Acesso em 24 jul. 2021.
Herland, K., Hmminen, H. & Kekolahti, P. (2015). Information security risk assessment of smartphones using bayesian networks. Journal Cyber Security and Mobility,4, p.65-86.
Henshel, D., Cains, M.G., Hoffman, B. & Kelley, T. (2015). Trust as a Human Factor in Holistic Cyber Security Risk Assessment. Procedia Manufacturing, 3, pp. 1117-1124.
Kalinin, M., Krundyshev, V. & Zegzhda, P. (2021). Cybersecurity risk assessment in smart city infrastructures. Machines, 9 (4), art. no. 78.
Kovácsné Mozsár, A.L. & Michelberger, P. (2018). It risk management and application portfolio management [Zarządzanie ryzykiem it i zarządzanie portfelem aplikacji]. Polish Journal of Management Studies, 17 (2), pp. 112-122.
Kure, H.I. & Islam, S. (2019). Assets focus risk management framework for critical infrastructure cybersecurity risk management. IET Cyber-Physical Systems. 4 (4), pp. 332-340.
Kure, H.I., Islam, S. & Razzaque, M.A. (2018). An integrated cyber security risk management approach for a cyber-physical system. Applied Sciences, 8 (6), art. no. 898.
Lai, L.K.H. & Chin, K.S. (2014). Development of a failure mode and effects analysis based risk assessment tool for information security. Industrial Engineering and Management Systems, 13 (1), pp. 87-100.
Lenstra, A. & Voss, T. (2004). Information security risk assessment, aggregation, and mitigation. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3108, pp. 391-401.
Li, S., Bi, F., Chen, W., Miao, X., Liu, J. &Tang, C. (2018). An improved information security risk assessments method for cyber-physical-social computing and networking. IEEE Access, 6, pp. 10311-10319.
Liu, L., Bao, T., Yuan, J. & Li, C. (2013). Risk assessment of information security based on grey incidence and D-s theory of evidence. Journal of Applied Sciences, p. 1740-1745.
Liu, H.B., Liu, Y. & Xu, L. (2020). Dombi Interval-Valued Hesitant Fuzzy Aggregation Operators for Information Security Risk Assessment. Mathematical Problems in Engineering.
Macek, D., Magdalenic, I. & Redep, N.B. (2020). A systematic literature review on the application of multicriteria decision making methods for information security risk assessment. International Journal of Safety and Security Engineering, 10 (2), pp. 161-174.
Machado, F. (2014). Segurança da Informação: princípios e controle de ameaças. 1. Ed. São Paulo: Érica.
Markovic-Petrovic, J.D. & Stojanovic, M.D. (2014). An improved risk assessment method for SCADA information security. Elektronika ir Elektrotechnika, 20 (7), pp. 69-72.
Mokhor, V., Gonchar, S. & Dybach, O. (2019). Methods for the total risk assessment of cybersecurity of critical infrastructure facilities. Nuclear Radiation Safety, p. 4-8.
Molinaro, L.& Ramos, K. (2011). Gestão de tecnologia da informação: governança de TI: arquitetura e alinhamento entre sistemas de informação e o negócio. Rio de Janeiro: LTC.
Monteiro, M. S. (2017). A importância da gestão de riscos. Belém: CONACI.
Musman, S. & Turner, A. (2018). A game theoretic approach to cyber security risk management. Journal of Defense Modeling and Simulation, 15 (2), pp. 127-146.
Öbrand, L., Holmström, J. & Newman, M. (2018). Navigating Rumsfeld's quadrants: A performative perspective on IT risk management. Technology in Society, 53, pp. 1-8.
Pan, L. & Tomlinson, A. (2018). A systematic review of information security risk assessment. International Journal of Safety and Security Engineering, 6 (2), pp. 270-281.
Rodrigues, A. R., Tavar, C., Nogueira, G. M. & Librelotto, R. F. (2016). A bibliometria como ferramenta de análise da produção intelectual: uma análise dos hot topics sobre sustentabilidade. Biblionline, v. 12, n. 3, p. 34-47.
Rahman, M. & Donahue, E. (2010). Convergence of Corporate and Information Security. International Journal of Computer Science and Information Security, Vol. 7, No. 1.
Romanov, A., Tsubaki, H. & Okamoto, E. (2010). Caan approach to perform quantitative information security risk assessment in IT landscapes. Journal of Information Processing, 18, pp. 213-226.
Saleh, M.S. & Alfantookh, A. (2011). A new comprehensive framework for enterprise information security risk management. Applied Computing and Informatics, 9 (2).
Shamala, P., Ahmad, R., Zolait, A.H. & Sahib, S.B. (2015). Collective information structure model for information security risk assessment (ISRA). Journal of Systems and Information Technology, 17 (2), pp. 193-219.
Shameli-Sendi, A., Shajari, M., Hassanabadi, M., Jabbarifar, M. & Dagenais, M. (2012). Fuzzy multi-criteria decision-making for information security risk assessment. Open Cybernetics and Systemics Journal, 6 (1), pp. 26-37.
Shang, W., Gong, T., Chen, C., Hou, J. & Zeng, P. (2019). Information Security Risk Assessment Method for Ship Control System Based on Fuzzy Sets and Attack Trees. Security and Communication Networks, 2019, art. no. 3574675.
Shedden, P., Ahmad, A., Smith, W., Tscherning, H.& Scheepers, R. (2016). Asset identification in information security risk assessment: A business practice approach. Communications of the Association for Information Systems, 39 (1), art. no. 15, pp. 297-320.
Slay, J., & A. Koronios. (2006). Information technology security & risk management. Milton, QLD: Wiley.
Sotolani, R. S., Menezes, I. D. A. C., Galegale, N. V., & Feitosa, M. D. (2022). Vulnerabilidades de Segurança da Informação na Indústria 4.0: Proposição de Critérios para o uso de Análise Multicritério. Exacta.
Song, J.-G., Lee, J.-W., Lee, C.-K., Kwon, K.-C. & Lee, D.-Y. (2012). A cyber security risk assessment for the design of Lamp; C systems in nuclear power plants. Nuclear Engineering and Technology, 44 (8), pp. 919-928.
Steinberg, J. (2020). Cibersegurança Para Leigos. 1 ed. Rio de Janeiro: Alta Books.
Talabeigi, E. & Jalali Naeeini, S.G. (2016). Information security risk management and incompatible parts of organization. Journal of Industrial Engineering and Management.
Turskis, Z., Goranin, N., Nurusheva & A., Boranbayev, S. (2019). security risk assessment in critical infrastructure: A hybrid MCDM approach. Informatica (Netherlands), 30 (1), pp. 187-211.
Valis, D. & Koucky, M. (2009). Selected overview of risk assessment techniques. Probl. Eksploat, 75, pp. 19–32.
Walker-Roberts, S., Hammoudeh, M., Aldabbas, O., Aydin, M., & Dehghantanha, A. (2020). Threats on the horizon: understanding security threats in the era of cyberphysical systems. Journal of Supercomputing, 76(4), 2643–2664.
Wang, Z., Chen, L., Song, S., Cong, P.X. & Ruan, Q. (2020). Automatic cyber security risk assessment based on fuzzy fractional ordinary differential equations. Alexandria Engineering Journal, 59 (4), pp. 2725-2731.
Wang, J., Neil, M. & Fenton, N. (2020). A Bayesian network approach for cybersecurity risk assessment implementing and extending the FAIR model. Computers and Security, 89.
Wang, Y., Wang, Y., Qin, H., Ji, H., Zhang, Y. & Wang, J. (2021). A Systematic Risk Assessment Framework of Automotive Cybersecurity. Automotive Innovation.
Wangen, G. (2017). Information Security Risk Assessment: A Method Comparison. Computer, 50 (4), art. no. 7912273, pp. 52-61.
Wangen, G., Hallstensen, C. & Snekkenes, E. (2018). A framework for estimating information security risk assessment method completeness: Core Unified Risk Framework, CURF. International Journal of Information Security, 17 (6), pp. 681-699.
Webb, J., Maynard, S., Ahmad, A. & Shanks, G. (2014). Information security risk management: An intelligence-driven approach. Australasian Journal of Information Systems, 18 (3), pp. 391-404.
Woo, P.S., Kim, B.H. & Hur, D. (2015). Towards cyber security risks assessment in electric utility SCADA systems. Journal of Electrical Engineering and Technology, 10 (3), pp. 888-894.
Xiangmo, Z., Ming, D., Shuai, R., Luyao, L. & Zongtao, D. (2014). Risk assesment model of information security for transportation industry system based on risk matrix. Applied Mathematics and Information Sciences, 8 (3), pp. 1301-1306.
Xuepeng, H. & Wei, X. (2018). Method of information security risk assessment based on improved fuzzy theory of evidence. International Journal of Online Engineering, 14 (3), p. 188-196.
Yoo, Y. & Park, H.-S. (2021). Qualitative risk assessment of cybersecurity and development of vulnerability enhancement plans in consideration of digitalized ship. Journal of Marine Science and Engineering, 9 (6), art. no. 565.
Zarei, J. & Sadoughi, F. (2016). Information security risk management for computerized health information systems in hospitals: A case study of Iran. Risk Management and Healthcare Policy, 9, pp. 75-85.
Zawiła-Niedźwiecki, J. & Byczkowski, M. (2009). Information Security Aspect of Operational Risk Management. Foundations of Management, 1 (2), pp. 45-60.
Zhang, Q., Zhou, C., Tian, Y.-C., Xiong, N., Qin, Y. & Hu, B. (2018). A Fuzzy Probability Bayesian Network Approach for Dynamic Cybersecurity Risk Assessment in Industrial Control Systems. IEEE Transactions on Industrial Informatics, 14 (6), pp. 2497-2506.
Zhu, Q., Qin, Y., Zhou, C. & Gao, W. (2018). Extended multilevel flow model-based dynamic risk assessment for cybersecurity protection in industrial production systems. International Journal of Distributed Sensor Networks, 14 (6).
Downloads
Publicado
Como Citar
Edição
Seção
Licença
Copyright (c) 2023 Dos autores
Este trabalho está licenciado sob uma licença Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.