JCP 2010 Vol.5(3): 352-359 ISSN: 1796-203X
doi: 10.4304/jcp.5.3.352-359
doi: 10.4304/jcp.5.3.352-359
A Risk-Assessment Model for Cyber Attacks on Information Systems
Sandip Patel and Jigish Zaveri
Department of Information Science & Systems, Morgan State University, Baltimore, MD 21251
Abstract—Industrial process-plants are an integral part of a nation’s economy and critical infrastructure. The information systems used by automated industrial plants are enticing targets of cyber attacks. However, the financial damages resulting from these cyber attacks are difficult to estimate since the resultant losses are not as tangible as physical losses. In this paper, we propose a mathematical model for determining the financial losses resulting from cyber attacks on a computer-based information system used in industrial plants. Limited work has been published to systematically explore the types of possible cyber attacks and their financial impact on the process. The primary objective of this research is to propose a risk-assessment model to assess the impact of cyber attacks on a plant that runs fully or partially by control systems such as supervisory control and data acquisition (SCADA). Managers could use the model for cost/benefit analysis of security software and hardware acquisition. We also illustrate this model’s use on a SCADA system using a case. The proposed model could be applied to different industries and organizations with minor modifications to reflect the specifics of that industry or organization.
Index Terms—Industrial process-plants are an integral part of a nation’s economy and critical infrastructure. The information systems used by automated industrial plants are enticing targets of cyber attacks. However, the financial damages resulting from these cyber attacks are difficult to estimate since the resultant losses are not as tangible as physical losses. In this paper, we propose a mathematical model for determining the financial losses resulting from cyber attacks on a computer-based information system used in industrial plants. Limited work has been published to systematically explore the types of possible cyber attacks and their financial impact on the process. The primary objective of this research is to propose a risk-assessment model to assess the impact of cyber attacks on a plant that runs fully or partially by control systems such as supervisory control and data acquisition (SCADA). Managers could use the model for cost/benefit analysis of security software and hardware acquisition. We also illustrate this model’s use on a SCADA system using a case. The proposed model could be applied to different industries and organizations with minor modifications to reflect the specifics of that industry or organization.
Abstract—Industrial process-plants are an integral part of a nation’s economy and critical infrastructure. The information systems used by automated industrial plants are enticing targets of cyber attacks. However, the financial damages resulting from these cyber attacks are difficult to estimate since the resultant losses are not as tangible as physical losses. In this paper, we propose a mathematical model for determining the financial losses resulting from cyber attacks on a computer-based information system used in industrial plants. Limited work has been published to systematically explore the types of possible cyber attacks and their financial impact on the process. The primary objective of this research is to propose a risk-assessment model to assess the impact of cyber attacks on a plant that runs fully or partially by control systems such as supervisory control and data acquisition (SCADA). Managers could use the model for cost/benefit analysis of security software and hardware acquisition. We also illustrate this model’s use on a SCADA system using a case. The proposed model could be applied to different industries and organizations with minor modifications to reflect the specifics of that industry or organization.
Index Terms—Industrial process-plants are an integral part of a nation’s economy and critical infrastructure. The information systems used by automated industrial plants are enticing targets of cyber attacks. However, the financial damages resulting from these cyber attacks are difficult to estimate since the resultant losses are not as tangible as physical losses. In this paper, we propose a mathematical model for determining the financial losses resulting from cyber attacks on a computer-based information system used in industrial plants. Limited work has been published to systematically explore the types of possible cyber attacks and their financial impact on the process. The primary objective of this research is to propose a risk-assessment model to assess the impact of cyber attacks on a plant that runs fully or partially by control systems such as supervisory control and data acquisition (SCADA). Managers could use the model for cost/benefit analysis of security software and hardware acquisition. We also illustrate this model’s use on a SCADA system using a case. The proposed model could be applied to different industries and organizations with minor modifications to reflect the specifics of that industry or organization.
Cite: Sandip Patel and Jigish Zaveri, " A Risk-Assessment Model for Cyber Attacks on Information Systems," Journal of Computers vol. 5, no. 3, pp. 352-359, 2010.
General Information
ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat,etc
E-mail: jcp@iap.org
-
Nov 14, 2019 News!
Vol 14, No 11 has been published with online version [Click]
-
Mar 20, 2020 News!
Vol 15, No 2 has been published with online version [Click]
-
Dec 16, 2019 News!
Vol 14, No 12 has been published with online version [Click]
-
Sep 16, 2019 News!
Vol 14, No 9 has been published with online version [Click]
-
Aug 16, 2019 News!
Vol 14, No 8 has been published with online version [Click]
- Read more>>