Annemiek's weblog

After another hunt on the internet I found the following:

The U.S. Cyber Consequence Unit (USCCU). This non-profit organization provides information for all kind of organizations whether it be companies, individuals or nations regarding cyber security. According to the website:

“… [It] provides assessments of the strategic and economic consequences of possible cyber-attacks and cyber-assisted physical attacks. It also investigates the likelihood of such attacks and examines the cost-effectiveness of possible counter-measures”

=>Strategic and economic consequences of cyber attacks is one way to look at the effects such an attack can have. Of course there are other issues at stake, however, these two can be used for justification when one wants to convince (or not) others on what kind of policy to implement regarding Cyber security.
=> Furthermore, the numbers provided on cost-effectiveness of possible counter-measures is of interest as well. Too bad I was not able to find any reports or numbers on their website (only general info on the USCCU was found).

After a further search on their website, the USCCU check-list was found. It divides the vulnerabilities into 6 areas and subdivides these into smaller areas. The six are

1) Hardware Vulnerabilities, 2) Software Access Vulnerabilities, 3) Network Vulnerabilities, 4) Automation Vulnerabilities, 5) Human Operator Vulnerabilities, 6) Software Supply Vulnerabilities.

The document itself is rather comprehensive as approx. 28 pages are filled with questions relating to cyber security.

It is a good start. Do one might wonder whether a plain individual or an organization not aware of risks are going to sift through all these pages and questions to secure oneself better.