Holistic Physical Risk and Crises Prioritization Approaches to Solve Cyber Defense Conundrums

摘要

During the last decade the techniques and tools of cyber attacks have become more sophisticated, the distinctions between actors and threats have become blurred and attack prospects more worrying. The informational threat can hit any type of civilian or military controls, fixed or mobile infrastructures, putting them down or greatly reducing their service capabilities with direct and indirect physical / economic impacts from tactical or local scale to strategic / national and international level. It has been shown that broad spectrum protection investments and particularly poorly prioritized ones are not efficient as oftentimes they are limited in scope by other operational requirements. So it is simply not possible to protect each property from each threat. The cyberdefense must be rooted on intelligence based on prioritized Risk Management and not on standardized audits and practice of indolent regulations, written a priori, or the biased advice of fear monger solutions sellers. RM offers ultimately support for operational decisions and protection (mitigation), provided that we want to define the level of acceptable risk reduction /mitigation and that we formulate measurable performance targets to achieve .