Digital transformation often involves venturing into new areas where cyber security risks such as zero-day attacks may prevail. Organizations must be prepared in advance to protect themselves against such unknown unknowns. Often, organizations employ techniques such as vulnerability scanning, penetration testing and/or source code reviewing to try to protect their information technology assets. Subsequently vulnerabilities with their cyber security frontier are discovered. However, safeguard implementation is often a pain point. Organizations often have limited resources and there are often too many vulnerabilities to be fixed. Through profiling cyber security risk assessment and audit findings, this paper proposes classifying potential vulnerabilities into practical areas where resources should be invested into the protection, and organizations should focus their efforts into the domain areas with higher frequencies of occurrences, or higher potential impacts. With limited resources for organizations, the strategies suggested in this paper often utilize resources readily available in the public domain and is thus suitable for small and large organizations alike. Through profiling potential attack landscape into different domain areas, the holistic approach protects organizations against would-be adversaries with minimal cost.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cyber Security Risk Mitigation Strategies for Digital Transformation Through Profiling Potential Attack Landscape

  • Candies Lam

摘要

Digital transformation often involves venturing into new areas where cyber security risks such as zero-day attacks may prevail. Organizations must be prepared in advance to protect themselves against such unknown unknowns. Often, organizations employ techniques such as vulnerability scanning, penetration testing and/or source code reviewing to try to protect their information technology assets. Subsequently vulnerabilities with their cyber security frontier are discovered. However, safeguard implementation is often a pain point. Organizations often have limited resources and there are often too many vulnerabilities to be fixed. Through profiling cyber security risk assessment and audit findings, this paper proposes classifying potential vulnerabilities into practical areas where resources should be invested into the protection, and organizations should focus their efforts into the domain areas with higher frequencies of occurrences, or higher potential impacts. With limited resources for organizations, the strategies suggested in this paper often utilize resources readily available in the public domain and is thus suitable for small and large organizations alike. Through profiling potential attack landscape into different domain areas, the holistic approach protects organizations against would-be adversaries with minimal cost.