Aitor Couce-Vieira

Aitor Couce-Vieira
University of Vigo | UVIGO · Knowledge Organization Research Group

PhD

About

15
Publications
6,048
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
147
Citations

Publications

Publications (15)
Article
Full-text available
Critical infrastructures are increasingly reliant on information and communications technology (ICT) for more efficient operations, which, at the same time, exposes them to cyber threats. As the frequency and severity of cyberattacks are increasing, so are the costs of critical infrastructure security. Efficient allocation of resources is thus a cr...
Article
Full-text available
Cyberattacks constitute a major threat to most organizations. Beyond financial consequences, they may entail multiple impacts that need to be taken into account when making risk management decisions to allocate the required cybersecurity resources. Experts have traditionally focused on a technical perspective of the problem by considering impacts i...
Chapter
Full-text available
Book chapter on our H2020 cybersecurity project, CYBECO. Published in this book on European Research around cybersecurity: Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical...
Article
Full-text available
Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standa...
Article
Las ciber amenazas afectan a todo tipo de organizaciones, causando frecuentes y costosos impactos globalmente. Recientemente, han surgido productos de ciberseguro con el potencial de reducir el impacto de los riesgos en el ciberespacio. Sin embargo, aún tienen que madurar. En este artículo presentamos varios modelos de análisis de riesgos que podrí...
Preprint
Full-text available
Cyber threats affect all kinds of organisations. Risk analysis is an essential methodology for cybersecurity as it allows organisations to deal with the cyber threats potentially affecting them, prioritise the defence of their assets and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity mod...
Thesis
Full-text available
Digitalisation is pervasive in our society. In some realms, this has been ubiquitous for a long time, e.g. the information systems at companies and public administration. In other domains, digitalisation is emerging. A paradigmatic case during the last decade has been the digitalisation of industry. This increased automation and connectivity has e...
Article
Most existing risk analysis methods focus on analysing risks that a system might face throughout its life. However, there is no explicit method for risk analysis during incidents. Approaches such as bow-ties and attack trees provide reliable information about triggers and escalation of incidents, but do not cover risk evaluation. Risk matrices incl...
Conference Paper
This paper presents a characterisation of the oil and gas drilling supply chain in the context of cybersecurity incident handling. Coordination and collaboration between stakeholders are critical factors in incident handling. However, the number of organisations and stakeholders involved in drilling is high and, thus, it is relevant to understand b...
Article
Full-text available
Cyber attacks have evolved from being mostly harmless to sophisticated and devastating Advanced Persistent Threats (APT), such as the Stuxnet or Aurora attacks. APTs have the capabilities to stop business operations and cause physical damage to plants and equipment. This is a serious threat to Industrial Control Systems common in critical infrastru...
Article
Full-text available
Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed...

Network

Cited By