Abstract

In this research article, we explore the use of a design process for adapting existing cyber risk assessment standards to allow the calculation of economic impact from IoT cyber risk. The paper presents a new model that includes a design process with new risk assessment vectors, specific for IoT cyber risk. To design new risk assessment vectors for IoT, the study applied a range of methodologies, including literature review, empirical study and comparative study, followed by theoretical analysis and grounded theory. An epistemological framework emerges from applying the constructivist grounded theory methodology to draw on knowledge from existing cyber risk frameworks, models and methodologies. This framework presents the current gaps in cyber risk standards and policies, and defines the design principles of future cyber risk impact assessment. The core contribution of the article is therefore the presentation of a new model for impact assessment of IoT cyber risk.

Highlights

  • There is a strong interest in industry and academia to standardise existing cyber risk assessment standards

  • The IoT risk vectors are investigated in the context of Social Internet of Things [16], the Industry 4.0 (I4.0) and the Industrial Internet of Things (IIoT)

  • The analysis in this study examines how the current cyber risk assessment approaches are based on conventional abstractions, for instance, the colour coding in the National Institute of Standards and Technology (NIST) framework traffic light protocol [138], or the mathematical approximation in Common Vulnerability Scoring System (CVSS) [119]

Summary

Introduction

There is a strong interest in industry and academia to standardise existing cyber risk assessment standards. Standardisation of cyber security frameworks, models and methodologies is an attempt to combine existing standards. This has not been done until present. We propose the design principles for impact assessment of IoT cyber risk by conducting an empirical study of cyber security frameworks, methods and quantitative models. There are multiple attempts in the literature where existing models are applied to understand the economic impact of cyber risk [36]. These calculations largely ignore the cyber risk of sharing infrastructure [37], such as IoT infrastructure [11, 12, 38], [39, 40, 41, 42, 43, 44, 45, 46]. A review of academic and industry literature from several different countries is undertaken to advance the epistemological framework into a design model.

Recent literature on this subject
Cyber risk in shared infrastructure from autonomous IoT
Cyber risk and IoT cloud technologies
Cyber risk from social machines and real‐time technologies
Methodology
IoT cyber risk vectors from the literature review
Comparative study on IoT cyber risk in high‐tech strategies
Understanding IoT cyber risk in national high‐tech strategies
Empirical study of cyber security standards
Epistemological framework
Proposed epistemological framework for cyber risk assessment standardisation
Defining the design principles for cyber risk assessment of IoT vectors
Use cases
Discussion
Limitations and further research
Compliance with ethical standards