http://dx.doi.org/10.13089/JKIISC.2017.27.4.873

FAIR-Based BIA for Ransomware Attacks in Financial Industry  

Yoon, Hyun-sik (Korea University)
Song, Kyung-hwan (Korea University)
Lee, Kyung-Ho (Korea University)
Abstract
As ransomware spreads, the target of attacks has shifted from individuals to organizations, which has led attackers to become more intelligent and systematic. Thus, ransomware's threat to domestic infrastructure, including the financial industry, has grown to a level that cannot be ignored. As a measure against these security issues, organizations use ISMS, an information protection management system. However, it is difficult for management to make decisions about the losses caused by security issues, since the amount of damage cannot be calculated with ISMS alone. In this paper, we use a scenario-based FAIR loss measurement model to identify the extent of damage and calculate reasonable damages, which has been considered a problem of the ISMS. With this model, we identify the losses and risks of ransomware in the financial industry, and a method to reduce the loss by applying the current ISMS and ISO 27001 control items rather than modifying the ISMS.
Keywords
Ransomware; ISMS; FAIR; Financial industry; Risk management;
Citations & Related Records
Times Cited By KSCI: 1