Semi-quantitative cybersecurity risk assessment by blockade and defense level analysis

Abstract

Basically, the existing information security risk assessments use mathematics, statistics and computer science to analyze the information assets. Current academic risk assessment methodologies do not completely solve the risk from invisible cyber threats. More research and efforts are needed to fully complement the current risk assessment methodology. The most important things to be supplemented is to review the level of cyber threat blockade and level of appropriate security equipment. Unfortunately, existing methodologies are not concerned with the blockade of cyber threats and the operation of appropriate security equipment. In this paper, the new intrinsic risk assessment method by performing risk assessment is proposed in two directions. First, the risk level of the cyber threats’ influx path is evaluated. Second, the level of defense systems required to treat or quarantine cyber threats that have entered inside is evaluated.