Cybersecurity exposure management
DOI: https://doi.org/10.24215/15146774e071
Keywords: exposure management, security risk management
Abstract
Exposure management in cybersecurity is a new area of study within Active Cyber Defense, focused on applying the concept of exposure from organizational risk management. It extends the ideas and practices of vulnerability and threat management to give them a generalized and comprehensive approach, which allows the whole to be interpreted through the lens of risk. This paper analyzes the state of the art of the concepts and applications of exposure management in cybersecurity and presents an approach for its applicability in organizations. The proposed contribution addresses the lack of previous academic content on the subject, given its recent appearance.
License
Copyright (c) 2025 Federico Pacheco, Diego Staino

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
a. Authors will retain their copyright and will grant the journal the right of first publication of their work, which will at the same time be subject to the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license (CC BY-NC-SA 4.0), allowing third parties to share the work as long as the author and the first publication in this journal are indicated.
b. Authors may enter into other non-exclusive license agreements for the distribution of the published work (for example: placing it in an institutional telematics file or publishing it in a monographic volume) as long as the first publication in this journal is indicated.
c. Authors are allowed and encouraged to disseminate their work through the internet (for example: in institutional telematics files or on their website) before and during the submission process, which could produce interesting exchanges and increase the references to the published work. (See The Effect of Open Access.)