American Journal of Software Engineering
ISSN (Print): 2379-5271 ISSN (Online): 2379-528X Website: https://www.sciepub.com/journal/ajse
American Journal of Software Engineering. 2024, 7(1), 1-7
DOI: 10.12691/ajse-7-1-1

Creating a Comprehensive Assessment of Cyber Risks

Cheryl Ann Alexander¹ and Lidong Wang²

¹ Institute for IT Innovation and Smart Health, Mississippi, USA

² Institute for Systems Engineering Research, Mississippi State University, Mississippi, USA

Pub. Date: August 18, 2024

Cite this paper:
Cheryl Ann Alexander and Lidong Wang. Creating a Comprehensive Assessment of Cyber Risks. American Journal of Software Engineering. 2024; 7(1):1-7. doi: 10.12691/ajse-7-1-1

Abstract

New digital technologies have revolutionized the field of cybersecurity. Big data analytics, wearables, cloud computing, blockchain, Internet of Things, Internet of Medical Things, artificial intelligence, and machine learning are just a few of the new technologies. Sharing data and increasing accessibility and collaboration are critical to cybersecurity programs today. In healthcare, a risk assessment is key to guaranteeing the security and integrity of patient data including cyber-physical systems, networked equipment, supply chain management, and personal health information. In this paper, analysis and assessment of threats and cyber risks are presented. Software failures, software vulnerabilities, software updates, and outdated or unpatched software and applications are introduced. A comprehensive risk assessment for healthcare is introduced. A comprehensive risk assessment for a large medical center is presented as a case study. A critical list of cyber risks is presented according to the level of risk and how common the risk is. Software developers should consider cyber risks while designing software and applications.

Keywords:
cybersecurity, software, risk assessment, cyber risks, Internet of things (IoT), Internet of medical things (IoMT), blockchain, artificial intelligence (AI), machine learning (ML), healthcare

This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/
