Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge

Radanliev, Petar, De Roure, David, Van Kleek, Max, Ani, Uchenna, Burnap, Pete ORCID:, Anthi, Eirini, Nurse, Jason R. C., Santos, Omar, Mantilla Montalvo, Rafael and Maddox, La’Treall 2021. Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge. Environment Systems and Decisions 41 , pp. 236-247. 10.1007/s10669-020-09792-x

[thumbnail of Radanliev2020_Article_DynamicReal-timeRiskAnalyticsO.pdf]
PDF - Published Version
Available under License Creative Commons Attribution.

Download (1MB) | Preview


The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Additional Information: This article is licensed under a Creative Commons Attribution 4.0 International License
Publisher: Springer Verlag (Germany)
ISSN: 2194-5403
Date of First Compliant Deposit: 26 January 2022
Date of Acceptance: 10 November 2020
Last Modified: 04 May 2023 07:26

Citation Data

Cited 3 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item


Downloads per month over past year

View more statistics