View article

Protection against cyber threats requires a holistic approach that should cover technology, business and human aspects of the problem domain. Impact assessment, which highly involves the harmonization of technological findings with the business requirements, is a critical analysis task that commonly exists in risk, incident, event, or vulnerability management activities. This paper presents a systematic literature review of the studies which propose a framework for the impact assessment of cyber actions on missions or business processes. The representation of the social-technical environment and the impact propagation between different layers are the focal points of this study. Based on the relevant findings, we introduce a discussion about the research gaps that exist in the literature.