TY - GEN
T1 - Method of Quantitative Analysis of Cybersecurity Risks Focused on Data Security in Financial Institutions
AU - Alegria, Alberto Vidal
AU - Morales Loayza, Jorge Luis
AU - Montoya, Arnaldo Neyra
AU - Armas-Aguirre, Jimmy
N1 - Publisher Copyright:
© 2022 IEEE Computer Society. All rights reserved.
PY - 2022
Y1 - 2022
N2 - In this paper, a quantitative analysis method is proposed to calculate the risks from cyber-attacks focused on the domain of data security in the financial sector. Cybersecurity risks have increased in organizations due to the process of digital transformation they are going through, reflecting in a notorious way in the financial sector, where a considerable percentage of the attacks carried out on the various industries are concentrated. In this sense, risk assessment becomes a critical point for their proper management and, in particular, for organizations to have a risk analysis method that allows them to make cost-effective decisions. The proposed method integrates a layered architecture, a list of attacks to be prioritized, and a loss taxonomy to streamline risk analysis over the data security domain including: encryption, masking, deletion, and resiliency. The layered architecture considers: presentation layer, business logic layer, and data management layer. The method was validated and tested by 6 financial companies in Lima, Peru. The preliminary results identified the applicability of the proposed method collected through surveys of experts from the 6 entities surveyed, obtaining 85.7% who consider that the proposed three-layer architecture contains the assets considered critical.
AB - In this paper, a quantitative analysis method is proposed to calculate the risks from cyber-attacks focused on the domain of data security in the financial sector. Cybersecurity risks have increased in organizations due to the process of digital transformation they are going through, reflecting in a notorious way in the financial sector, where a considerable percentage of the attacks carried out on the various industries are concentrated. In this sense, risk assessment becomes a critical point for their proper management and, in particular, for organizations to have a risk analysis method that allows them to make cost-effective decisions. The proposed method integrates a layered architecture, a list of attacks to be prioritized, and a loss taxonomy to streamline risk analysis over the data security domain including: encryption, masking, deletion, and resiliency. The layered architecture considers: presentation layer, business logic layer, and data management layer. The method was validated and tested by 6 financial companies in Lima, Peru. The preliminary results identified the applicability of the proposed method collected through surveys of experts from the 6 entities surveyed, obtaining 85.7% who consider that the proposed three-layer architecture contains the assets considered critical.
KW - Cybersecurity
KW - data security
KW - financial sector
KW - risk analysis
KW - risk calculation
UR - https://www.scopus.com/pages/publications/85134842723
U2 - 10.23919/CISTI54924.2022.9820198
DO - 10.23919/CISTI54924.2022.9820198
M3 - Contribución a la conferencia
AN - SCOPUS:85134842723
T3 - Iberian Conference on Information Systems and Technologies, CISTI
BT - Proceedings of 2022 17th Iberian Conference on Information Systems and Technologies, CISTI 2022
A2 - Rocha, Alvaro
A2 - Bordel, Borja
A2 - Penalvo, Francisco Garcia
A2 - Goncalves, Ramiro
PB - IEEE Computer Society
T2 - 17th Iberian Conference on Information Systems and Technologies, CISTI 2022
Y2 - 22 June 2022 through 25 June 2022
ER -