Fall 2020, No. 2, vol. 2 / Romanian Cyber Security Journal
Factors for a Decision Support System in Critical Infrastructure Cyber Risk Management
Aurelian BUZDUGAN, Gheorghe CĂPĂȚÂNĂ
Cyber risk management relies heavily on processing a large volume of risk data and on a complex process of analysis, prioritization and decision-making. The interconnection, interdependence and digitalization of critical infrastructure considerably increase the amount of data that needs to be assessed when managing risks. Specialized knowledge in cyber security is required in order to efficiently assess the risks that an IT system poses to an entity. The amount of data that must be processed in the decision-making process goes beyond human limits, so computer systems should be used to support this process. In this paper we evaluate how cyber security fits into risk management approaches for critical infrastructure. We explore particular factors of cyber risk management in this area, as well as the challenges these create for operators and decision makers. One of the key areas we evaluate is whether the existing risk management process adequately tackles cyber risks. We identify the areas where further development is required and propose criteria for a decision support system that we believe will improve cyber risk management in critical infrastructure protection.
cyber security, risk management, critical infrastructure, decision support systems