Skip to main content
SpringerLink
Log in
Book cover

International Conference on Software Process Improvement

CIMPS 2017: Trends and Applications in Software Engineering pp 137–146Cite as

Systematic Review: Cybersecurity Risk Taxonomy

Part of the Advances in Intelligent Systems and Computing book series (AISC,volume 688)

Abstract

In cybersecurity, the identification of risks is a fundamental part because this activity is not unique to cybersecurity and it is hard to know what the risks in this area are. This study aims to identify if there are some risk taxonomies in cybersecurity. For this, a systematic review of the studies published from 1990 to 2017 was carried out. We found 132 papers and some of them mention some risk taxonomies within the scope of IT (information technologies) cybersecurity, although only five primary elements were selected, identifying the main risk taxonomies. A classification of cybersecurity risk taxonomy types has been adapted, with the inclusion of new categories, categorized according to their perspective and domain. We have analysed the taxonomies form a proposed five level perspective. Finally, it has been observed that risk taxonomies may be shifting the focus from the asset level to service and business level.

Keywords

  • Cybersecurity risk taxonomy
  • Cybersecurity risk
  • Risk taxonomy
  • Cyber risk taxonomy

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ISACA Glosary (2016), https://www.isaca.org/Pages/Glossary.aspx?tid=1784&char=R.

  2. ISACA, http://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=296.

  3. Kitchenham, B., Dybå, T., Jørgensen, M.: “Evidence-based software engineering,” Proceedings of the International Conference on Software Engineering, pp. 273–281 (2004)

    Google Scholar 

  4. Kitchenham, B.: “Guidelines for performing systematic literature reviews in software engineering,” EBSE Technical Report EBSE-2007-01, Keele University (2007)

    Google Scholar 

  5. Greitzer, F., Strozer, J., Cohen, S., Moore, A., Mundie, D., Cowley, J.: Analysis of Unintentional Insider Threats Deriving from Social Engineering Exploits. IEEE Security and Privacy Workshops, vol 35, 236-250 (2014)

    Google Scholar 

  6. Herzfeldt, A., Hausen, M., Briggs, R. O., Krcmar, H.: European Conference on Information Systems ECIS 2012. Developing a risk management process and risk taxonomy for medium-sized it solution providers. Association for Information Systems, Barcelona Spain (2012)

    Google Scholar 

  7. Alireza, S., Rouzbeh, B., Cheriet, M. (2016) Taxonomy of information security risk assessment (ISRA). Computers & security, vol 57, 14-30 (2016)

    Google Scholar 

  8. Elnagdy, S., Meikang, Q., Keke, G. (2016) Understanding Taxonomy of Cyber Risks for Cybersecurity Insurance of Financial Industry in Cloud Computing. IEEE International Conference on Cyber Security and Cloud Computing, vol 3, 295-300 (2016)

    Google Scholar 

  9. Kanel, J., Cope, E., Deleris, L., Nayak, N., Torok, R.: Three key enablers to successful enterprise risk management. IBM J. RES. & DEV, vol 54, 1-15 (2010)

    Google Scholar 

  10. Cebula, J., Young L.: A Taxonomy of Operational Cyber Security Risks. Software engineering institute. Recovered from: http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=91013 (2010)

  11. Delmee, F.: Graduation research, The structure of a cyber risk a scenario based approach in cyber risk assessment. Utrecht University, Deloitte Nederland (2016)

    Google Scholar 

  12. Li, X., Liang, X., Lu, R., Lu, Shen, X., Lin, X., Zhu, H.: Securing smart grid: cyber attacks, countermeasures, and challenges. IEEE Communications Magazine, 50(8):38–45 (2012)

    Google Scholar 

  13. Bompard, E., Huang, T., Wu, Y., Cremenescu, M.: Classification and trend analysis of threats origins to the security of power systems. International Journal of Electrical Power & Energy Systems, 50:50– 64 (2013)

    Google Scholar 

  14. Laribee, L.: Development of methodical social engineering taxonomy. Master’s Thesis, Monterey, CA: Naval Postgraduate School. Amazon Digital Services (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. ETS Ingenieros Informáticos, Universidad Politécnica de Madrid, Madrid, España

    A. M. Rea-Guaman, T. San Feliu & J. A. Calvo-Manzano

  2. Escuela Superior de Ingeniería Mecánica y Eléctrica, Instituto Politécnico Nacional, Ciudad de México, México

    I. D. Sanchez-Garcia

Authors
  1. A. M. Rea-Guaman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. T. San Feliu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. J. A. Calvo-Manzano
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. I. D. Sanchez-Garcia
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Centro de Invest. en Matemáticas A.C.,, Unidad Zacatecas Centro de Invest. en Matemáticas A.C.,, Zacatecas, Mexico

    Jezreel Mejia

  2. Centro de Invest. en Matemáticas A.C.,, Unidad Zacatecas Centro de Invest. en Matemáticas A.C.,, Zacatecas, Mexico

    Mirna Muñoz

  3. Departamento de Engenharia Informática, University of Coimbra , Coimbra, Portugal

    Álvaro Rocha

  4. Facultad de Informática, Universidad Autónoma de Sinaloa , Mazatlán, Mexico

    Yadira Quiñonez

  5. Lenguajes y Sistemas Informáticos e Ingeniería de Software, Universidad Politécnica de Madrid, Madrid, Spain

    Jose Calvo-Manzano

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Rea-Guaman, A.M., San Feliu, T., Calvo-Manzano, J.A., Sanchez-Garcia, I.D. (2018). Systematic Review: Cybersecurity Risk Taxonomy. In: Mejia, J., Muñoz, M., Rocha, Á., Quiñonez, Y., Calvo-Manzano, J. (eds) Trends and Applications in Software Engineering. CIMPS 2017. Advances in Intelligent Systems and Computing, vol 688. Springer, Cham. https://doi.org/10.1007/978-3-319-69341-5_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69341-5_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69340-8

  • Online ISBN: 978-3-319-69341-5

  • eBook Packages: EngineeringEngineering (R0)

search

Navigation