DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence.

Saved in:
Bibliographic Details
Title: DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence.
Authors: García-Ochoa, Javier1 javier.garciaochoa@urjc.es, Rueda, Jaime1 jaime.rueda@urjc.es, Fernández, Rubén R.1 ruben.rodriguez@urjc.es, Fernández-Isabel, Alberto1 alberto.fernandez.isabel@urjc.es, de Diego, Isaac Martín1 isaac.martin@urjc.es, Cano, Emilio L.1 emilio.lopez@urjc.es, Ravines, Romy R.2 rr@denexus.io, Espinosa, Ovidio López2 ol@denexus.io, Sanvisens, Jaume Puigbó2 jp@denexus.io
Source: Computer Science & Information Systems. Jun2026, Vol. 23 Issue 3, p1001-1026. 26p.
Subjects: Internet security, Computer security vulnerabilities, Cyberterrorism, Intrusion detection systems (Computer security), Digital transformation
Abstract: The accelerated pace of digital transformation has significantly reshaped the cybersecurity domain, fostering an interconnected ecosystem in which cyber threats have expanded in both their complexity and scope. Traditional cybersecurity methods are increasingly inadequate for addressing the rapidly evolving threat landscape, emphasizing the critical need for intelligent, adaptive, and proactive defensive strategies. This study introduces Dynamic Industrial Cyber Risk Modelling Based on Evidence (DICYME), a comprehensive system that integrates diverse analytical techniques to identify patterns and characteristics that reveal emerging threat trends, enabling organizations to proactively defend against potential future attacks. Beyond threat detection, DICYME operates as a pipeline that retrieves data from diverse cyber incident reports, specialized databases, and other relevant sources of cyber-related information, applies specialized techniques for victim identification, indicator computation, threat actor profiling, Common Vulnerability and Exposure (CVE) relationship mapping, and ultimately performs the Cyber Risk Quantification (CRQ). This final stage represents the system’s most distinctive contribution, as it translates complex analytical outputs into actionable risk insights, empowering organizations to make informed strategic decisions in the face of evolving cyber threats. Alternatively, the system implements an automatic workflow that constructs new datasets of compromised entities, enabling these datasets to be used by all components of the system. Experiments on real cyber incident datasets demonstrate the system’s ability to automatically construct high-quality victim profiles and estimate annualized financial risk, offering a scalable and data-driven approach for proactive cybersecurity management. [ABSTRACT FROM AUTHOR]
Copyright of Computer Science & Information Systems is the property of ComSIS Consortium and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 195162953
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22García-Ochoa%2C+Javier%22">García-Ochoa, Javier</searchLink><relatesTo>1</relatesTo><i> javier.garciaochoa@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Rueda%2C+Jaime%22">Rueda, Jaime</searchLink><relatesTo>1</relatesTo><i> jaime.rueda@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Fernández%2C+Rubén+R%2E%22">Fernández, Rubén R.</searchLink><relatesTo>1</relatesTo><i> ruben.rodriguez@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Fernández-Isabel%2C+Alberto%22">Fernández-Isabel, Alberto</searchLink><relatesTo>1</relatesTo><i> alberto.fernandez.isabel@urjc.es</i><br /><searchLink fieldCode="AR" term="%22de+Diego%2C+Isaac+Martín%22">de Diego, Isaac Martín</searchLink><relatesTo>1</relatesTo><i> isaac.martin@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Cano%2C+Emilio+L%2E%22">Cano, Emilio L.</searchLink><relatesTo>1</relatesTo><i> emilio.lopez@urjc.es</i><br /><searchLink fieldCode="AR" term="%22Ravines%2C+Romy+R%2E%22">Ravines, Romy R.</searchLink><relatesTo>2</relatesTo><i> rr@denexus.io</i><br /><searchLink fieldCode="AR" term="%22Espinosa%2C+Ovidio+López%22">Espinosa, Ovidio López</searchLink><relatesTo>2</relatesTo><i> ol@denexus.io</i><br /><searchLink fieldCode="AR" term="%22Sanvisens%2C+Jaume+Puigbó%22">Sanvisens, Jaume Puigbó</searchLink><relatesTo>2</relatesTo><i> jp@denexus.io</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Computer+Science+%26+Information+Systems%22">Computer Science & Information Systems</searchLink>. Jun2026, Vol. 23 Issue 3, p1001-1026. 26p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Internet+security%22">Internet security</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+vulnerabilities%22">Computer security vulnerabilities</searchLink><br /><searchLink fieldCode="DE" term="%22Cyberterrorism%22">Cyberterrorism</searchLink><br /><searchLink fieldCode="DE" term="%22Intrusion+detection+systems+%28Computer+security%29%22">Intrusion detection systems (Computer security)</searchLink><br /><searchLink fieldCode="DE" term="%22Digital+transformation%22">Digital transformation</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: The accelerated pace of digital transformation has significantly reshaped the cybersecurity domain, fostering an interconnected ecosystem in which cyber threats have expanded in both their complexity and scope. Traditional cybersecurity methods are increasingly inadequate for addressing the rapidly evolving threat landscape, emphasizing the critical need for intelligent, adaptive, and proactive defensive strategies. This study introduces Dynamic Industrial Cyber Risk Modelling Based on Evidence (DICYME), a comprehensive system that integrates diverse analytical techniques to identify patterns and characteristics that reveal emerging threat trends, enabling organizations to proactively defend against potential future attacks. Beyond threat detection, DICYME operates as a pipeline that retrieves data from diverse cyber incident reports, specialized databases, and other relevant sources of cyber-related information, applies specialized techniques for victim identification, indicator computation, threat actor profiling, Common Vulnerability and Exposure (CVE) relationship mapping, and ultimately performs the Cyber Risk Quantification (CRQ). This final stage represents the system’s most distinctive contribution, as it translates complex analytical outputs into actionable risk insights, empowering organizations to make informed strategic decisions in the face of evolving cyber threats. Alternatively, the system implements an automatic workflow that constructs new datasets of compromised entities, enabling these datasets to be used by all components of the system. Experiments on real cyber incident datasets demonstrate the system’s ability to automatically construct high-quality victim profiles and estimate annualized financial risk, offering a scalable and data-driven approach for proactive cybersecurity management. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Computer Science & Information Systems is the property of ComSIS Consortium and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=195162953
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.2298/CSIS251030027G
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 26
        StartPage: 1001
    Subjects:
      – SubjectFull: Internet security
        Type: general
      – SubjectFull: Computer security vulnerabilities
        Type: general
      – SubjectFull: Cyberterrorism
        Type: general
      – SubjectFull: Intrusion detection systems (Computer security)
        Type: general
      – SubjectFull: Digital transformation
        Type: general
    Titles:
      – TitleFull: DICYME: Dynamic Industrial Cyber Risk Modelling Based on Evidence.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: García-Ochoa, Javier
      – PersonEntity:
          Name:
            NameFull: Rueda, Jaime
      – PersonEntity:
          Name:
            NameFull: Fernández, Rubén R.
      – PersonEntity:
          Name:
            NameFull: Fernández-Isabel, Alberto
      – PersonEntity:
          Name:
            NameFull: de Diego, Isaac Martín
      – PersonEntity:
          Name:
            NameFull: Cano, Emilio L.
      – PersonEntity:
          Name:
            NameFull: Ravines, Romy R.
      – PersonEntity:
          Name:
            NameFull: Espinosa, Ovidio López
      – PersonEntity:
          Name:
            NameFull: Sanvisens, Jaume Puigbó
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 06
              Text: Jun2026
              Type: published
              Y: 2026
          Identifiers:
            – Type: issn-print
              Value: 18200214
          Numbering:
            – Type: volume
              Value: 23
            – Type: issue
              Value: 3
          Titles:
            – TitleFull: Computer Science & Information Systems
              Type: main
ResultId 1