DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence.
Saved in:
| Title: | DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence. |
|---|---|
| Authors: | García-Ochoa, Javier1 javier.garciaochoa@urjc.es, Rueda, Jaime1 jaime.rueda@urjc.es, Fernández, Rubén R.1 ruben.rodriguez@urjc.es, Fernández-Isabel, Alberto1 alberto.fernandez.isabel@urjc.es, de Diego, Isaac Martín1 isaac.martin@urjc.es, Cano, Emilio L.1 emilio.lopez@urjc.es, Ravines, Romy R.2 rr@denexus.io, Espinosa, Ovidio López2 ol@denexus.io, Sanvisens, Jaume Puigbó2 jp@denexus.io |
| Source: | Computer Science & Information Systems. Jun2026, Vol. 23 Issue 3, p1001-1026. 26p. |
| Subjects: | Internet security, Computer security vulnerabilities, Cyberterrorism, Intrusion detection systems (Computer security), Digital transformation |
| Abstract: | The accelerated pace of digital transformation has significantly reshaped the cybersecurity domain, fostering an interconnected ecosystem in which cyber threats have expanded in both their complexity and scope. Traditional cybersecurity methods are increasingly inadequate for addressing the rapidly evolving threat landscape, emphasizing the critical need for intelligent, adaptive, and proactive defensive strategies. This study introduces Dynamic Industrial Cyber Risk Modelling Based on Evidence (DICYME), a comprehensive system that integrates diverse analytical techniques to identify patterns and characteristics that reveal emerging threat trends, enabling organizations to proactively defend against potential future attacks. Beyond threat detection, DICYME operates as a pipeline that retrieves data from diverse cyber incident reports, specialized databases, and other relevant sources of cyber-related information, applies specialized techniques for victim identification, indicator computation, threat actor profiling, Common Vulnerability and Exposure (CVE) relationship mapping, and ultimately performs the Cyber Risk Quantification (CRQ). This final stage represents the system’s most distinctive contribution, as it translates complex analytical outputs into actionable risk insights, empowering organizations to make informed strategic decisions in the face of evolving cyber threats. Alternatively, the system implements an automatic workflow that constructs new datasets of compromised entities, enabling these datasets to be used by all components of the system. Experiments on real cyber incident datasets demonstrate the system’s ability to automatically construct high-quality victim profiles and estimate annualized financial risk, offering a scalable and data-driven approach for proactive cybersecurity management. [ABSTRACT FROM AUTHOR] |
| Copyright of Computer Science & Information Systems is the property of ComSIS Consortium and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 195162953 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22García-Ochoa%2C+Javier%22">García-Ochoa, Javier</searchLink><relatesTo>1</relatesTo><i> javier.garciaochoa@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Rueda%2C+Jaime%22">Rueda, Jaime</searchLink><relatesTo>1</relatesTo><i> jaime.rueda@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Fernández%2C+Rubén+R%2E%22">Fernández, Rubén R.</searchLink><relatesTo>1</relatesTo><i> ruben.rodriguez@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Fernández-Isabel%2C+Alberto%22">Fernández-Isabel, Alberto</searchLink><relatesTo>1</relatesTo><i> alberto.fernandez.isabel@urjc.es</i><br /><searchLink fieldCode="AR" term="%22de+Diego%2C+Isaac+Martín%22">de Diego, Isaac Martín</searchLink><relatesTo>1</relatesTo><i> isaac.martin@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Cano%2C+Emilio+L%2E%22">Cano, Emilio L.</searchLink><relatesTo>1</relatesTo><i> emilio.lopez@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Ravines%2C+Romy+R%2E%22">Ravines, Romy R.</searchLink><relatesTo>2</relatesTo><i> rr@denexus.io</i><br /><searchLink fieldCode="AR" term="%22Espinosa%2C+Ovidio+López%22">Espinosa, Ovidio López</searchLink><relatesTo>2</relatesTo><i> ol@denexus.io</i><br /><searchLink fieldCode="AR" term="%22Sanvisens%2C+Jaume+Puigbó%22">Sanvisens, Jaume Puigbó</searchLink><relatesTo>2</relatesTo><i> jp@denexus.io</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Computer+Science+%26+Information+Systems%22">Computer Science & Information Systems</searchLink>. Jun2026, Vol. 23 Issue 3, p1001-1026. 26p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Internet+security%22">Internet security</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+vulnerabilities%22">Computer security vulnerabilities</searchLink><br /><searchLink fieldCode="DE" term="%22Cyberterrorism%22">Cyberterrorism</searchLink><br /><searchLink fieldCode="DE" term="%22Intrusion+detection+systems+%28Computer+security%29%22">Intrusion detection systems (Computer security)</searchLink><br /><searchLink fieldCode="DE" term="%22Digital+transformation%22">Digital transformation</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: The accelerated pace of digital transformation has significantly reshaped the cybersecurity domain, fostering an interconnected ecosystem in which cyber threats have expanded in both their complexity and scope. Traditional cybersecurity methods are increasingly inadequate for addressing the rapidly evolving threat landscape, emphasizing the critical need for intelligent, adaptive, and proactive defensive strategies. This study introduces Dynamic Industrial Cyber Risk Modelling Based on Evidence (DICYME), a comprehensive system that integrates diverse analytical techniques to identify patterns and characteristics that reveal emerging threat trends, enabling organizations to proactively defend against potential future attacks. Beyond threat detection, DICYME operates as a pipeline that retrieves data from diverse cyber incident reports, specialized databases, and other relevant sources of cyber-related information, applies specialized techniques for victim identification, indicator computation, threat actor profiling, Common Vulnerability and Exposure (CVE) relationship mapping, and ultimately performs the Cyber Risk Quantification (CRQ). This final stage represents the system’s most distinctive contribution, as it translates complex analytical outputs into actionable risk insights, empowering organizations to make informed strategic decisions in the face of evolving cyber threats. Alternatively, the system implements an automatic workflow that constructs new datasets of compromised entities, enabling these datasets to be used by all components of the system. Experiments on real cyber incident datasets demonstrate the system’s ability to automatically construct high-quality victim profiles and estimate annualized financial risk, offering a scalable and data-driven approach for proactive cybersecurity management. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Computer Science & Information Systems is the property of ComSIS Consortium and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=195162953 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.2298/CSIS251030027G Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 26 StartPage: 1001 Subjects: – SubjectFull: Internet security Type: general – SubjectFull: Computer security vulnerabilities Type: general – SubjectFull: Cyberterrorism Type: general – SubjectFull: Intrusion detection systems (Computer security) Type: general – SubjectFull: Digital transformation Type: general Titles: – TitleFull: DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: García-Ochoa, Javier – PersonEntity: Name: NameFull: Rueda, Jaime – PersonEntity: Name: NameFull: Fernández, Rubén R. – PersonEntity: Name: NameFull: Fernández-Isabel, Alberto – PersonEntity: Name: NameFull: de Diego, Isaac Martín – PersonEntity: Name: NameFull: Cano, Emilio L. – PersonEntity: Name: NameFull: Ravines, Romy R. – PersonEntity: Name: NameFull: Espinosa, Ovidio López – PersonEntity: Name: NameFull: Sanvisens, Jaume Puigbó IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 06 Text: Jun2026 Type: published Y: 2026 Identifiers: – Type: issn-print Value: 18200214 Numbering: – Type: volume Value: 23 – Type: issue Value: 3 Titles: – TitleFull: Computer Science & Information Systems Type: main |
| ResultId | 1 |