Cyber Security Risk Mitigation Strategies for Digital Transformation Through Profiling Potential Attack Landscape
摘要
Digital transformation often involves venturing into new areas where cyber security risks such as zero-day attacks may prevail. Organizations must be prepared in advance to protect themselves against such unknown unknowns. Often, organizations employ techniques such as vulnerability scanning, penetration testing and/or source code reviewing to try to protect their information technology assets. Subsequently vulnerabilities with their cyber security frontier are discovered. However, safeguard implementation is often a pain point. Organizations often have limited resources and there are often too many vulnerabilities to be fixed. Through profiling cyber security risk assessment and audit findings, this paper proposes classifying potential vulnerabilities into practical areas where resources should be invested into the protection, and organizations should focus their efforts into the domain areas with higher frequencies of occurrences, or higher potential impacts. With limited resources for organizations, the strategies suggested in this paper often utilize resources readily available in the public domain and is thus suitable for small and large organizations alike. Through profiling potential attack landscape into different domain areas, the holistic approach protects organizations against would-be adversaries with minimal cost.