WASET
	%0 Journal Article
	%A Kitty Kioskli and Nineta Polemi
	%D 2020
	%J International Journal of Electrical and Computer Engineering
	%B World Academy of Science, Engineering and Technology
	%I Open Science Index 166, 2020
	%T A Socio-Technical Approach to Cyber-Risk Assessment
	%U https://publications.waset.org/pdf/10011507
	%V 166
	%X Evaluating the levels of cyber-security risks within an enterprise is most important in protecting its information system, services and all its digital assets against security incidents (e.g. accidents, malicious acts, massive cyber-attacks). The existing risk assessment methodologies (e.g. eBIOS, OCTAVE, CRAMM, NIST-800) adopt a technical approach considering as attack factors only the capability, intention and target of the attacker, and not paying attention to the attacker’s psychological profile and personality traits. In this paper, a socio-technical approach is proposed in cyber risk assessment, in order to achieve more realistic risk estimates by considering the personality traits of the attackers. In particular, based upon principles from investigative psychology and behavioural science, a multi-dimensional, extended, quantifiable model for an attacker’s profile is developed, which becomes an additional factor in the cyber risk level calculation.

	%P 305 - 309