Kandasamy, K., Srinivas, S., Achuthan, K., & Rangan, V. P. (2020). IoT cyber risk: A holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process. EURASIP Journal on Information Security, 2020(1), 1–18. This paper includes a review of existing popular cyber risk assessment methodologies and their suitability to IoT systems. National Institute of Standards and Technology, Operationally Critical Threat, Asset, and Vulnerability Evaluation, Threat Assessment & Remediation Analysis, and International Standards Organization are the four main frameworks critically analyzed in this research study.
Gourisetti, S. N. G., Mylrea, M., Ashley, T., Kwon, R., Castleberry, J., Wright-Mockler, Q., McKenzie, P., & Brege, G. (2019). Demonstration of the cybersecurity framework through real-world cyber attack. 2019 Resilience Week (RWS), 1, 19–25. This paper shows the capabilities of the Cyber Security Framework web tools by demonstrating a simulated cyber-attack based on a real-world scenario.
Greene, S. (2017). 4.3 Real-world auditing risk management (Lesson 4: Risk Management) [Video]. In CISA (Certified Information Systems Auditor). Pearson IT Certification. The purpose of a risk management program is to align the organizational risk appetite with organizational activities. To do this, we iteratively calculate, treat, monitor, and evaluate inherent and residual risk.
Shannon, M. J. (2018). 4.1 Reviewing control effectiveness (Lesson 4: Risk metric scenarios for enterprise security) [Video]. In CompTIA Advanced Security Practitioner (CASP) CAS-003. Pearson IT Certification. Gap analysis is the basis for the original information security program action plan. It will be conducted in an iterative manner to review and report on the effectiveness of your implemented controls. The focus should always be on established key goal indicators and key performance indicators.