{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T16:22:53Z","timestamp":1775838173836,"version":"3.50.1"},"reference-count":55,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2024,6,9]],"date-time":"2024-06-09T00:00:00Z","timestamp":1717891200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Emerging cyber threats\u2019 sophistication, impact, and complexity rapidly evolve, confronting organizations with demanding challenges. This severe escalation requires a deeper understanding of adversary dynamics to develop enhanced defensive strategies and capabilities. Cyber threat actors\u2019 advanced techniques necessitate a proactive approach to managing organizations\u2019 risks and safeguarding cyberspace. Cyber risk management is one of the most efficient measures to anticipate cyber threats. However, it often relies on organizations\u2019 contexts and overlooks adversaries, their motives, capabilities, and tactics. A new cyber risk management framework incorporating emergent information about the dynamic threat landscape is needed to overcome these limitations and bridge the knowledge gap between adversaries and security practitioners. Such information is the product of a cyber threat intelligence process that proactively delivers knowledge about cyber threats to inform decision-making and strengthen defenses. In this paper, we overview risk management and threat intelligence frameworks. Then, we highlight the necessity of integrating cyber threat intelligence and assessment in cyber risk management. After that, we propose a novel risk management framework with integrated threat intelligence on top of EBIOS Risk Manager. Finally, we apply the proposed framework in the scope of a national telecommunications organization.<\/jats:p>","DOI":"10.3390\/jcp4020018","type":"journal-article","created":{"date-parts":[[2024,6,10]],"date-time":"2024-06-10T10:45:56Z","timestamp":1718016356000},"page":"357-381","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure"],"prefix":"10.3390","volume":"4","author":[{"given":"Habib","family":"El Amin","sequence":"first","affiliation":[{"name":"CIMTI, Faculty of Engineering, University of Saint Joseph, Beirut 1104, Lebanon"},{"name":"Centre de Recherche Scientifique en Ing\u00e9nierie (CRSI), Faculty of Engineering, Lebanese University, Hadath 1533, Lebanon"},{"name":"Potech Labs, P.O.TECH, Beirut 1107, Lebanon"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1137-621X","authenticated-orcid":false,"given":"Abed Ellatif","family":"Samhat","sequence":"additional","affiliation":[{"name":"Centre de Recherche Scientifique en Ing\u00e9nierie (CRSI), Faculty of Engineering, Lebanese University, Hadath 1533, Lebanon"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maroun","family":"Chamoun","sequence":"additional","affiliation":[{"name":"CIMTI, Faculty of Engineering, University of Saint Joseph, Beirut 1104, Lebanon"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lina","family":"Oueidat","sequence":"additional","affiliation":[{"name":"Centre de Recherche Scientifique en Ing\u00e9nierie (CRSI), Faculty of Engineering, Lebanese University, Hadath 1533, Lebanon"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antoine","family":"Feghali","sequence":"additional","affiliation":[{"name":"Potech Labs, P.O.TECH, Beirut 1107, Lebanon"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2024,6,9]]},"reference":[{"key":"ref_1","unstructured":"IBM (2024, May 31). Cost of a Data Breach Report 2023. Available online: https:\/\/www.ibm.com\/security\/digital-assets\/cost-data-breach-report\/."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"tyac016","DOI":"10.1093\/cybsec\/tyac016","article-title":"The nature of losses from cyber-related events: Risk categories and business sectors","volume":"9","author":"Shevchenko","year":"2023","journal-title":"J. Cybersecur."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"102122","DOI":"10.1016\/j.cose.2020.102122","article-title":"How can organizations develop situation awareness for incident response: A case study of management practice","volume":"101","author":"Ahmad","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_4","unstructured":"Verizon (2024, May 31). 2024 Data Breach Investigations Report. Available online: https:\/\/enterprise.verizon.com\/resources\/reports\/dbir\/."},{"key":"ref_5","unstructured":"Gartner (2024, May 31). Forecast: Information Security and Risk Management, Worldwide, 2021\u20132027, 2Q23 Update. Available online: https:\/\/www.gartner.com\/en\/documents\/4488199."},{"key":"ref_6","first-page":"15","article-title":"Managing the financial impact of cybersecurity incidents","volume":"41","author":"Bederna","year":"2023","journal-title":"Secur. Def. Q."},{"key":"ref_7","first-page":"1","article-title":"Bridging the gap between cyber risk management and cyber threat intelligence","volume":"66","author":"Freeman","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Samtani, S., Abate, M., Benjamin, V., and Li, W. (2020). Cybersecurity as an industry: A cyber threat intelligence perspective. The Palgrave Handbook of International Cybercrime and Cyberdeviance, Spinger.","DOI":"10.1007\/978-3-319-78440-3_8"},{"key":"ref_9","first-page":"98","article-title":"Integrating Cybersecurity Risk Management into Strategic Management: A Comprehensive Literature Review","volume":"10","author":"Mizrak","year":"2023","journal-title":"Res. J. Bus. Manag."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1080\/0960085X.2022.2088414","article-title":"Adopting and integrating cyber-threat intelligence in a commercial organisation","volume":"32","author":"Kotsias","year":"2023","journal-title":"Eur. J. Inf. Syst."},{"key":"ref_11","first-page":"368","article-title":"Cybersecurity and Cyberwar: What Everyone Needs to Know","volume":"1","year":"2016","journal-title":"Cyberpolitik J."},{"key":"ref_12","unstructured":"Oltsik, J., and Poller, J. Automation and Analytics versus the Chaos of Cybersecurity Operations. ESG MCAFEE, 2017."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1555","DOI":"10.1016\/j.procs.2023.01.447","article-title":"Methodology for Predictive Cyber Security Risk Assessment (PCSRA)","volume":"219","author":"Ferreira","year":"2023","journal-title":"Procedia Comput. Sci."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Cheimonidis, P., and Rantos, K. (2023). Dynamic Risk Assessment in Cybersecurity: A Systematic Literature Review. Future Internet, 15.","DOI":"10.3390\/fi15100324"},{"key":"ref_15","unstructured":"Giuca, O., Popescu, T.M., Popescu, A.M., Prostean, G., and Popescu, D.E. (2018). A Survey of Cybersecurity Risk Management Frameworks. Proceedings of the International Workshop Soft Computing Applications, Springer."},{"key":"ref_16","unstructured":"Ionita, D. (2013). Current Established Risk Assessment Methodologies and Tools. [Master\u2019s Thesis, University of Twente]."},{"key":"ref_17","unstructured":"Lambrinoudakis, C., Gritzalis, S., Xenakis, C., Katsikas, S., Karyda, M., Tsochou, A., Papadatos, K., Rantos, K., Pavlosoglou, Y., and Gasparinatos, S. (2022). Compendium of Risk Management Frameworks with Potential Interoperability: Supplement to the Interoperable EU Risk Management Framework Report."},{"key":"ref_18","unstructured":"(2018). Information Technology. Security Techniques. Information Security Risk Management (Standard No. ISO\/IEC 27005: 2018)."},{"key":"ref_19","unstructured":"Initiative, J.T.F.T. (2012). Guide for Conducting Risk Assessments, Technical Report NIST SP 800-30r1."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Caralli, R., Stevens, J., Young, L., and Wilson, W. (2007). Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process, Software Engineering Institute, Carnegie Mellon University. Technical Report CMU\/SEI-2007-TR-012.","DOI":"10.21236\/ADA470450"},{"key":"ref_21","unstructured":"Agence Nationale de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (2019). La M\u00e9thode EBIOS Risk Manager\u2014Le Guide, Agence Nationale de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information. Technical Report ANSSI-PA-048-EN."},{"key":"ref_22","unstructured":"Mathey, F., Bonhomme, C., Rocha, J., Lombardi, J., and Joly, B. (2024, May 31). Risk Assessment Optimisation with MONARC. Available online: https:\/\/www.monarc.lu\/assets\/files\/publications\/2018-HACK.LU-CASES.pdf."},{"key":"ref_23","unstructured":"(2023, February 04). BSI-Standard 200-2: IT-Grundschutz-Methodology. Available online: https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Grundschutz\/International\/bsi-standard-2002_en_pdf.html."},{"key":"ref_24","unstructured":"(2024, May 31). European Commission Directorate-General for Communication. Security Standards Applying to All European Commission Information Systems: EU ITSRM, IT Security Risk Management Methodology V1.2. Available online: https:\/\/ec.europa.eu\/info\/publications\/security-standards-applying-all-european-commission-information-systems_en."},{"key":"ref_25","unstructured":"Information Security Forum (2024, May 31). Security Standards Applying to All European Commission, ISF, Information RISK Assessment Methodology 2 (IRAM2). Available online: https:\/\/www.securityforum.org\/solutions-and-insights\/information-risk-assessment-methodology-2-iram2\/."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Brunner, M., Sillaber, C., and Breu, R. (2017, January 25\u201329). Towards automation in information security management systems. Proceedings of the 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS), Prague, Czech Republic.","DOI":"10.1109\/QRS.2017.26"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"101656","DOI":"10.1016\/j.cose.2019.101656","article-title":"LiSRA: Lightweight security risk assessment for decision support in information security","volume":"90","author":"Schmitz","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Akinrolabu, O., New, S., and Martin, A. (2019). CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers. Computers, 8.","DOI":"10.3390\/computers8030066"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Poletykin, A. (2018, January 9\u201316). Cyber security risk assessment method for SCADA of industrial control systems. Proceedings of the 2018 International Russian Automation Conference (RusAutoCon), Sochi, Russia.","DOI":"10.1109\/RUSAUTOCON.2018.8501811"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Lee, I. (2020). Internet of Things (IoT) cybersecurity: Literature review and IoT cyber risk management. Future Internet, 12.","DOI":"10.3390\/fi12090157"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Ma, S., Hao, W., Dai, H.N., Cheng, S., Yi, R., and Wang, T. (2018, January 12\u201315). A Blockchain-Based Risk and Information System Control Framework. Proceedings of the 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC\/PiCom\/DataCom\/CyberSciTech), Athens, Greece.","DOI":"10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00031"},{"key":"ref_32","first-page":"1231","article-title":"Blockchain-based multi-organizational cyber risk management framework for collaborative environments","volume":"23","author":"Oueidat","year":"2023","journal-title":"Int. J. Inf. Secur."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"101761","DOI":"10.1016\/j.cose.2020.101761","article-title":"A review and theoretical explanation of the \u2018Cyberthreat-Intelligence (CTI) capability\u2019 that needs to be fostered in information security practitioners and how this can be accomplished","volume":"92","author":"Shin","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_34","first-page":"80","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"Hutchins","year":"2011","journal-title":"Lead. Issues Inf. Warf. Secur. Res."},{"key":"ref_35","first-page":"1","article-title":"The diamond model of intrusion analysis","volume":"298","author":"Caltagirone","year":"2013","journal-title":"Threat Connect"},{"key":"ref_36","unstructured":"Bianco, D. (2024, May 31). The Pyramid of Pain. Available online: https:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html."},{"key":"ref_37","unstructured":"Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., and Thomas, C.B. (2018). Mitre Att&ck: Design and Philosophy, The MITRE Corporation. Technical report."},{"key":"ref_38","unstructured":"Barnum, S. (2012). Standardizing Cyber Threat Intelligence Information with the Structured Threat Information Expression (Stix), MITRE Corporation."},{"key":"ref_39","unstructured":"Connolly, J., Davidson, M., and Schmidt, C. (2014). The Trusted Automated Exchange of Indicator Information (Taxii), The MITRE Corporation."},{"key":"ref_40","unstructured":"(2023, February 04). Filigran\u2014OpenCT\u2014Open Platform for Cyber Threat Intelligence. Available online: https:\/\/www.filigran.io\/en\/products\/opencti\/."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Wagner, C., Dulaunoy, A., Wagener, G., and Iklody, A. (2016, January 24). Misp: The design and implementation of a collaborative threat intelligence sharing platform. Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, Vienna, Austria.","DOI":"10.1145\/2994539.2994542"},{"key":"ref_42","unstructured":"Army, A. (2014). Land Warfare Doctrine LWD 2-0 intelligence."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"100","DOI":"10.30534\/ijatcse\/2019\/1981.12019","article-title":"A Hybrid Model for Information Security Risk Assessment","volume":"8","author":"Haji","year":"2019","journal-title":"Int. J. Adv. Trends Comput. Sci. Eng."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Ahmed, M., Panda, S., Xenakis, C., and Panaousis, E. (2022, January 23\u201326). MITRE ATT&CK-driven cyber risk assessment. Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna, Austria.","DOI":"10.1145\/3538969.3544420"},{"key":"ref_45","unstructured":"Lyvas, C., Maliatsos, K., Menegatos, A., Giannakopoulos, T., Lambrinoudakis, C., Kalloniatis, C., and Kanatas, A. (2022). A hybrid dynamic risk analysis methodology for cyber-physical systems. Proceedings of the European Symposium on Research in Computer Security, Springer."},{"key":"ref_46","unstructured":"Belfadel, A., Boyer, M., Letailleur, J., Petiot, Y., and Yaich, R. (2022). Towards a Security Impact Analysis Framework: A Risk-Based and MITRE Attack Approach. Proceedings of the European Symposium on Research in Computer Security, Springer."},{"key":"ref_47","first-page":"1478","article-title":"Cyber threat intelligence for improving cybersecurity and risk management in critical infrastructure","volume":"25","author":"Kure","year":"2019","journal-title":"J. Univers. Comput. Sci."},{"key":"ref_48","first-page":"5","article-title":"A novel approach to national-level cyber risk assessment based on vulnerability management and threat intelligence","volume":"2","author":"Janiszewski","year":"2019","journal-title":"J. Telecommun. Inf. Technol."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Dekker, M., and Alevizos, L. (2023). A Threat-Intelligence Driven Methodology to Incorporate Uncertainty in Cyber Risk Analysis and Enhance Decision Making. arXiv.","DOI":"10.1002\/spy2.333"},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"75","DOI":"10.2307\/25148625","article-title":"Design science in information systems research","volume":"28","author":"Hevner","year":"2004","journal-title":"MIS Q."},{"key":"ref_51","first-page":"785","article-title":"Towards a conceptual cyber risk assessment framework for healthcare systems","volume":"121","author":"Alnajim","year":"2017","journal-title":"Procedia Comput. Sci."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","article-title":"A survey of data mining and machine learning methods for cyber security intrusion detection","volume":"18","author":"Buczak","year":"2016","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_53","unstructured":"ANSSI (2019). EBIOS Risk Manager: Going Further, Version 1.0."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Abbass, W., Baina, A., and Bellafkih, M. (2015, January 14\u201316). Using EBIOS for risk management in critical information infrastructure. Proceedings of the 2015 5th World Congress on Information and Communication Technologies (WICT), Marrakech, Morocco.","DOI":"10.1109\/WICT.2015.7489654"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Zahra, B.F., and Abdelhamid, B. (2017, January 9\u201311). Risk analysis in Internet of Things using EBIOS. Proceedings of the 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC.2017.7868444"}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/4\/2\/18\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:56:15Z","timestamp":1760108175000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/4\/2\/18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,9]]},"references-count":55,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2024,6]]}},"alternative-id":["jcp4020018"],"URL":"https:\/\/doi.org\/10.3390\/jcp4020018","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,9]]}}}