University of Southampton Institutional Repository

A methodology for cybersecurity risk assessment in supply chains

Gokkaya, Betul, Aniello, Leonardo, Karafili, Erisa and Halak, Basel (2023) A methodology for cybersecurity risk assessment in supply chains. The 4th International Workshop on Cyber-Physical Security for Critical Infrastructures Protection, The Hague, Netherlands. 28 Sep - 29 Oct 2023.

Record type: Conference or Workshop Item (Paper)

Abstract

Supply chain cyberattacks are on the rise as attackers increasingly exploit the intricate network of supplier connections between companies. Critical infrastructures too have been successfully targeted using this strategy, which calls for cybersecurity risk assessment strategies to be revised to stress the focus on threats originating from suppliers. This work proposes a novel supply chain cybersecurity risk assessment tailored for companies with limited cybersecurity expertise and constrained resources to execute risk assessment. Through a set of simple questions, this methodology first captures the perceived likelihood and impact of vulnerabilities and threats that derive from suppliers and target specific organisational assets, and then generates cybersecurity risk scores for each relevant threat. A preliminary validation of the methodology is carried out, where generated risk scores are compared to evaluations provided by cybersecurity experts.

The results show that the methodology produces risk scores that on average differ by 8% from those deriving from the experts’ assessment, which corroborates the hypothesis that the methodology is reliable even though it does not require detailed information about the suppliers’ cyber posture.

This record has no associated files available for download.

More information

Accepted/In Press date: August 2023
Published date: 28 September 2023
Venue - Dates: The 4th International Workshop on Cyber-Physical Security for Critical Infrastructures Protection, The Hague, Netherlands, 2023-09-28 - 2023-10-29

Identifiers

Local EPrints ID: 483927
URI: http://eprints.soton.ac.uk/id/eprint/483927
PURE UUID: fdddd5bf-2cbc-4bd8-bf84-8938ad7c2b9f
ORCID for Betul Gokkaya: orcid.org/0009-0009-3632-9768
ORCID for Leonardo Aniello: orcid.org/0000-0003-2886-8445
ORCID for Erisa Karafili: orcid.org/0000-0002-8250-4389
ORCID for Basel Halak: orcid.org/0000-0003-3470-7226

Catalogue record

Date deposited: 07 Nov 2023 18:30
Last modified: 08 Nov 2023 02:59

Contributors

Author: Betul Gokkaya
Author: Leonardo Aniello
Author: Erisa Karafili
Author: Basel Halak
