From: Software Engineering Institute/Carnegie Mellon University
By James Cebula
Senior Member of the Technical Staff, SEI CERT Division
This blog post was also co-authored by Lisa Young.
Organizations are continually fending off cyberattacks in one form or another. The 2014 Verizon Data Breach Investigations Report, which included contributions from SEI researchers, tagged 2013 as “the year of the retailer breach.” According to the report, 2013 also witnessed “a transition from geopolitical attacks to large-scale attacks on payment card systems.” To illustrate the trend, the report outlines a 12-month chronology of attacks, including a January “watering hole” attack on the Council on Foreign Relations website followed in February by targeted cyber-espionage attacks against The New York Times and The Wall Street Journal. The well-documented Target breach brought 2013 to a close with the theft of more than 40 million debit and credit card numbers. This blog post highlights a recent research effort to create a taxonomy that provides organizations a common language and set of terminology they can use to discuss, document, and mitigate operational cyber security risks.
Foundations of Our Work
Organizations of all sizes in the public and private sectors increasingly rely on information and technology assets that are supported by people and facilities. An attack that disrupts these assets can be devastating. In March, The Economist reported that the Target breach “cost the company US $61m in response costs in the fourth quarter alone and helped fuel a 5.5 percent drop in transactions during the crucial holiday shopping season.”
For the purpose of drafting our taxonomy, we defined operational risks as
those arising due to the actions of people, systems and technology failures, failed internal processes, and external events.
We defined operational cybersecurity risk as follows:
***
Additional Resources
To read the SEI technical report, A Taxonomy of Operational Cyber Security Risks, Version 2, please visit http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=9395.