From: Factors influencing network risk judgments: a conceptual inquiry and exploratory analysis
SD | Vignette | Median risk | Mean risk | Factor |
---|---|---|---|---|
Low SDs (High Agreement) | Â | |||
10.2 | 2 | 95.0 | 92.6 | The primary adversary has excellent offensive cyber skills equal to or better than 90 existing nation states. |
10.2 | 3 | 68.5 | 66.5 | The organization has 20 offices worldwide. |
10.3 | 1 | 50.0 | 50.7 | These adversarial organizations are not financially well funded. |
10.9 | 1 | 50.0 | 45.2 | Database is Linux based for large-scale processing and storage. |
11.6 | 1 | 56.0 | 58.0 | The recent legislation on the reformation of the national health care system. |
12.1 | 2 | 90.0 | 87.5 | The primary adversary is well funded. |
12.1 | 2 | 100.0 | 92.2 | Malicious activity has been noted on the network in the past six months since wartime operations intensified in this region. |
12.6 | 3 | 77.5 | 82.5 | Competitors have sophisticated well-funded espionage teams to steal competitive information. |
13.4 | 3 | 25.0 | 27.1 | The networks are fully manned with very little employee turnover. |
13.9 | 2 | 95.0 | 88.8 | The adversary was likely trained by the U.S. government in the past two years. |
13.9 | 3 | 56.0 | 61.3 | The software development firm has 13,000 employees. |
14.0 | 1 | 58.5 | 62.6 | Various adversarial organizations have growing concerns over the lack of medical record privacy because of the legislation. |
14.1 | 3 | 70.0 | 71.5 | Competition is fierce in the business intelligence domain. |
14.2 | 3 | 60.0 | 63.8 | The offices are located in North America, South America, Asia, Europe, and Australia. |
14.4 | 1 | 50.0 | 48.2 | Neither department has reported adversarial activity in the past that demonstrate a knowledge of the IT infrastructure. |
High SDs (Low Agreement) | Â | |||
20.9 | 2 | 30.0 | 34.6 | The IT staff man the network 24/7. |
20.9 | 3 | 36.5 | 38.1 | These employees are divided into small, highly specialized teams working on one aspect of the network e.g., LDAP server teams, router teams. |
21.4 | 1 | 50.0 | 45.4 | Records are transferred from one hospital to another manually. |
21.4 | 2 | 58.0 | 59.6 | The network has various UNIX systems. |
21.9 | 3 | 50.0 | 50.6 | No targeted attacks in the past few years. Only non-targeted email scams |
22.0 | 1 | 45.0 | 40.3 | Recordkeeping could convert back to paper. |
22.1 | 2 | 65.0 | 67.1 | The network is heterogeneous with Windows, UNIX, and proprietary military operating systems. |
22.3 | 2 | 42.0 | 41.6 | Full recovery is expected to occur quickly. |
22.5 | 1 | 77.5 | 75.9 | Release of patient care information damages the hospital’s reputation. |
22.7 | 3 | 43.0 | 45.2 | The company uses proprietary languages and tools that are very difficult to exploit. |
22.9 | 2 | 47.0 | 48.1 | The IT staff are supported by various stable vendor contractors. |
24.0 | 1 | 75.0 | 70.6 | Release of patient care information violates HIPAA regulations. |
24.1 | 2 | 77.0 | 69.9 | This involves a classified military network. |
24.2 | 1 | 66.0 | 64.9 | The back-end servers are unique and housed in a single data center on the hospital premises. |
24.4 | 2 | 35.0 | 41.9 | The systems running on the network use proprietary military operating systems. |