Review Article


DOI: 10.26650/acin.502589   IUP: 10.26650/acin.502589

A Review on Cyber Risk Management
(Original Turkish title: Siber Risk Yönetimi Üzerine Bir İnceleme)

Şükrü Okul, Orhan Muratoğlu, Muhammed Ali Aydın, Hasan Şakir Bilge

This study surveys important work on cyber risk management. It explains, with examples, the stages, methods and steps that each of the surveyed studies includes, and presents the details of each study. Before these details, the introduction gives detailed background on risk analysis and cyber risk. The introduction also covers cyber threat preparedness levels and cyber threat tools, and the tools mentioned are described in detail with examples. In total, 9 studies related to the subject are examined through a detailed literature review, stating which steps and which methods each applies and giving some examples. In the light of these studies, the paper notes, as a point for future work, what other kinds of studies could be carried out in this area and what other methods and steps could be added to the existing studies. It also notes that future work could classify the studies in the literature in more detail.



Citations




APA

Okul, Ş., Muratoğlu, O., Aydın, M.A., & Bilge, H.Ş. (2019). Siber Risk Yönetimi Üzerine Bir İnceleme. Acta Infologica, 3(1), 34-45. https://doi.org/10.26650/acin.502589





TIMELINE


Submitted: 25.12.2018
Accepted: 02.04.2019
Published Online: 28.06.2019

LICENCE


Attribution-NonCommercial (CC BY-NC)

This license lets others remix, tweak, and build upon your work non-commercially, and although their new works must also acknowledge you and be non-commercial, they don’t have to license their derivative works on the same terms.

