Editorial
Salient Issues in Cybersecurity Risk Management
Cybersecurity risk spans a spectrum of vulnerabilities across people, processes and technologies. Organisations focusing on technology alone can miss more important issues in cybersecurity, and so leave themselves open to unattended or unknown risks associated with poor processes, assumptions about security, and indeed a failure to understand how people play critical roles in securing organisations. In recent years, more attention has been paid to human cybersecurity, focusing on the proclivities, behaviours and unexpectedness of people. As technologies continue to evolve, human action and intent can intertwine with escalating risk, and organisations need to continually improve, reinvent and recalibrate their cybersecurity posture: knowing how to approach emerging cybersecurity problems or risks can be a starting point.
The 6 chapters that follow present a set of frameworks as such starting points, each focused on a different aspect of mitigating cybersecurity risk. Chapter 1 outlines a framework for ubiquitous IoT devices in an increasingly smart future. Taking the perspective of the individual, the person, chapter 2 presents solutions to email risks, a critical aspect of human cybersecurity in the context of risks associated with phishing and other social engineering techniques. Chapter 3 takes a different approach, assessing risk in very large, physically distributed organisations, and focusing on public healthcare, a sector that is continually targeted by cyberattacks globally. Returning to the context of smart technologies, chapter 4 details ways to protect smart homes. And of course, not all use of technology is utilitarian: many people gain pleasure from hedonic systems like gaming, and chapter 5 outlines risk mitigation in online gaming. Chapter 6, focusing on ransomware, deals with one of the most significant escalating cyberthreats in recent years and, in focusing on supply chains, provides risk mitigation guidance for organisations.
What follows are exemplars, stories, each with its own context, each with its own recommendations for mitigating cybersecurity risks. Each is standalone, each the work of postgraduate students on the University of Galway’s MSc Cybersecurity Risk Programme, working in teams to tackle specific issues in risk management. Each chapter follows a similar ontology, delineating the scope and setting for the study, the relevant risks, how these risks are assessed in the context of the study and importantly, the mitigations to offset, reduce or remove cybersecurity risks. Further, each chapter presents a set of specific recommendations for cybersecurity risk management, and outlines possible next steps for future studies.
The chapters are:
- Securing the Smart Future: An IoT Risk Management Framework
- Defending your Inbox, One Layer at a Time
- Assessing Cybersecurity Preparedness in Distributed Public Healthcare Systems: a Focus on the Irish Health Service
- The Need for Intrusion Detection Systems in Securing Smart Homes
- Gaming in the Age of Cyber Threats: A User-Centric Approach
- A Cybersecurity Framework for Ransomware Mitigation in Supply Chains
Editors:
Mona Isazad Mashinchi, University of Galway
Rebecca Lindley, Centripetal
Tom Acton, University of Galway