Litcius/Paper detail

Countermeasures and their taxonomies for risk treatment in cybersecurity: A systematic mapping review

Isaac D. Sánchez-García, Tomás San Feliú, Jose A. Calvo‐Manzano

2023Computers & Security16 citationsDOIOpen Access PDF

Abstract

Cybersecurity continues to be one of the principal issues in the computing environment. Organizations and researchers have made various efforts to mitigate the risks of cyberspace. The treatment of cyber risk is a fundamental stage in risk management. In the risk treatment stage, countermeasures are carried out to reduce the probability of risk materialization. This article presents a systematic mapping review of the principal catalogues/taxonomies of countermeasures applied in cybersecurity, involving studies between 2010 and 2021. Seventy-four (74) studies were assessed, and 25 studies were selected for further analysis. We identified 26 catalogues/taxonomies used to address cybersecurity-related risks. After analyzing these 26 catalogues/taxonomies, we identified: (1) the related trends, (2) the type of risks and sectors that these catalogues/taxonomies focus on, (3) the complexity of these taxonomies, and (4) what mentions they make about residual risk. We have identified that institutional taxonomies, which were not created for cybersecurity risks, are fitted for this purpose. The predominant risks in these taxonomies are those related to awareness and cyber-attacks. We note that the complexity of the catalogues/taxonomies is defined by the number of taxa and the number of countermeasures. Another relevant result is the lack of complexity in non-institutional catalogues/taxonomies. Finally, we have identified a lack of relevant information on residual risk in the studies.

Topics & Concepts

Computer scienceComputer securityInformation and Cyber SecurityAdvanced Malware Detection TechniquesNetwork Security and Intrusion Detection
Countermeasures and their taxonomies for risk treatment in cybersecurity: A systematic mapping review | Litcius