Siber Risk Yönetimi Üzerine Bir İnceleme

Yıl 2019, Cilt: 3 Sayı: 1, 34 - 45, 28.06.2019

Şükrü Okul , Orhan Muratoğlu M. Ali Aydın Hasan Şakir Bilge

https://doi.org/10.26650/acin.502589

Öz

      Bu
çalışmada Siber Risk Yönetimi ile ilgili yapılmış önemli çalışmalar
aktarılmaktadır. Bu çalışmaların içeriğinde hangi aşamalara, yöntemlere ve
adımlara yer verdikleri örneklerle açıklanmakta ve yapılan çalışmalarla ilgili
detaylar sunulmaktadır. Bu detaylar sunulmadan önce giriş kısmında risk
analizinden ve siber risk ile ilgili önemli ve detaylı bilgiler verilmektedir.
Ayrıca yine giriş bölümünde siber tehdit hazırlık seviyelerinden ve siber
tehdit araçlarından bahsedilmektedir. Bahsedilen siber tehdit araçları
detaylıca anlatılarak örneklenmektedir. 
Sonrasında daha öncede belirttiğimiz gibi toplamda konu ile alakalı 9
çalışma incelenmiştir. Bu çalışmalar ışığında bu alanda başka ne tür çalışmalar
yapılabileceği veya mevcut çalışmalara başka hangi yöntem ve adımlar
eklenebileceği de ileriki çalışmalarda yer verilebilecek bir nokta olarak da
belirtilmiştir.

Anahtar Kelimeler

Siber Güvenlik, Siber Risk, Siber Risk Yönetimi

A Review on Cyber Risk Management

Öz

    In this study, important studies on Cyber Risk
Management are discussed. The stages of these studies are explained with
examples of the steps, methods and steps they take and the details of the
studies are presented. Before these details are presented, important and
detailed information about risk analysis and cyber risk is provided in the
introduction. In addition, cyber threat preparednessation levels and cyber threat tools
are mentioned in the introduction. The mentioned cyber threat tools are
described in detail. As mentioned earlier, 9 studies related to the subject
were examined. In the light of these studies, it is stated that what kind of
studies can be done in this area or what other methods and steps can be added
to the current studies as a point that can be included in future studies.

Anahtar Kelimeler

Cyber Security, Cyber Risk, Cyber Risk Management

Kaynakça

• Altundal Ömer F., “DDoS nedir, ne değildir?”, http://www.siberguvenlik.org.tr/makaleler/ddos-nedir-ne-degildir/, August 2012
• Bodreu Deborah J., Graubart Richard, Fabius-Greene Jennifer,” Improving Cyber Security and Mission Assurance Via Cyber Preparedness (Cyber Prep) Levels”, 2010 IEEE Second International Conference on Social Computing (SocialCom), August 2010 ,( 1147 – 1152).Byres E, Franz M, Miller D. The use of attack trees in assessing vulnerabilities in SCADA systems. Proceedings of the international infrastructure survivability workshop, 2004
• Choo Kim-Kwang Raymond , “The cyber threat landscape: Challenges and future research directions”, Computers and Security, November 2011, (719-731)Çitil Ferhat, “HTML Injection Tehlikesi”, http://www.cybersecurity.org.tr/Madde/220/HTML-Injection-Tehlikesi- ,2009
• Dwen-Ren Tsai; Chang A.Y., Peichi Liu, Hsuan-Chang Chen, “Optimum Tuning of Defense Settings for Common Attacks on the Web Applications”, Security Technology, 2009. 43rd Annual 2009 International Carnahan Conference on ,January 2009, (89 – 94)
• Gertman D, Folkers R, Roberts J. Scenario-based approach to risk analysis in support of cyber security. Proceedings of the 5th international topical meeting on nuclear plant instrumentation controls, and human machine interface technology, 2006
• Haimes YY, Horowitz BM. Adaptive two-player hierarchical holographic modeling game for counterterrorism intelligence analysis. J Homel Secur Emerg Manag 2004;1(3):121
• Henry M, Haimes Y. A comprehensive network security risk model for process control networks. Risk Anal 2009;29(2):223248.Jumratjaroenvanit A. , Teng-amnuay Y., ” Probability of Attack Based on System Vulnerability Life Cycle”, Electronic Commerce and Security, 2008 International Symposium on, August 2008, (531 – 535)
• In Hoh Peter, Kim Young-Gab, Lee Taek, Moon Chang-Joo, Jung Yoonjung, Kim Injung, “A Security Risk Analysis Model for Information Systems”, http://www.luisolis.com/seminario2011/papers/A Security Risk Analysis Model for Information Systems.pdf, 2011
• Internet World Stats, www.internetworldstats.com/stats.htm, June 30, 2018
• LeMay E, Unkenholz W, Parks D, Muehrcke C, Keefe K, Sanders WH. Adversary-driven state-based system security evaluation. In: Proceedings of the 6th international workshop on security measurements and metrics. ACM; 2010. p. 5
• LeMay E, Ford M, Keefe K, Sanders W, Muehrcke C. Model-based security metrics using adversary view security evaluation (advise). In: 2011 eighth international conference on quantitative evaluation of systems (QEST). IEEE; 2011. p. 191– 200
• Mass Soldal Lund, Bjørnar Solhaug & Ketil Stølen (2011): Model-Driven Risk Analysis: The CORAS Approach, 1st edition.McQueen M, Boyer W, Flynn M, Beitel G. A quantitative cyber risk reduction estimation methodology for a Small SCADA control system. In: Proceedings of the 39th annual Hawaii international conference on system sciences. ACM; 2006
• Patel S, Graham J, Ralston P. Quantitatively assessing the vulnerability of critical information systems: a new method for evaluating security enhancements. Int J Inf Manage 2008;28(6):483–91
• Permann MR, Rohde K. Cyber assessment methods for SCADA security. 15th annual joint ISA POWID/EPRI controls and instrumentation conference, Nashville, TN, 2005
• Salinas MH. Combining multiple perspectives in the specification of a security assessment methodology [Ph.D. thesis], University of Virginia, 2003
• Song J, Lee J, Lee C, Kwon K, Lee D. A cyber security risk assessment for the design of I&C Systems in nuclear power plants. Nucl Eng Technol 2012;44(8):919–28
• Ten C-W, Manimaran G, Liu C-C. Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans Syst Man Cybern A Syst Hum 2010;40(4):853–65
• Wills David Barnard, Ashenden Debi, “Securing Virtual Space: Cyber War, Cyber Terror, and Risk” ,Space and Culture, May 2012, (110-123)