28,732 Hits in 8.5 sec

A Tree Model for Identification of Threats as the First Stage of Risk Assessment in HIS

Ahmad Bakhtiyari Shahri, Zuraini Ismail
2012 Journal of Information Security  
This work-in-progress study will proceed to the next stage of ranking the security threats for assessing risk in HIS.  ...  Identifying the threats to IS may lead to an effective method for measuring security as the initial stage for risk management.  ...  Acknowledgements This study was funded by the Research University Grant (RUG) from Universiti Teknologi Malaysia (UTM) and Ministry of Higher Education (MOHE) Malaysia with project number Q.K 130000.2138.01H98  ... 
doi:10.4236/jis.2012.32020 fatcat:6hgvoartefgt3ow7lo6fesroeu

Towards a Privacy Risk Assessment Methodology for Location-Based Systems [chapter]

Jesús Friginal, Jérémie Guiochet, Marc-Olivier Killijian
2014 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
This paper presents the first steps towards a privacy risk assessment methodology to (i) identify (ii) analyse, and (iii) evaluate the potential privacy issues affecting mobiquitous systems.  ...  The design and deployment of Privacy-Enhancing Technologies (PETs) for LBS has been widely addressed in the last years.  ...  Acknowledgements This work is partially supported by the ANR French project AMORES (ANR-11-INSE-010) and the Intel Doctoral Student Honour Programme 2012.  ... 
doi:10.1007/978-3-319-11569-6_65 fatcat:7gcajko7araxxpik5mkv4rupba

A Risk Assessment Framework to Reduce Risk Level and Optimize Software Quality

Sanjeev Puri
2015 SAMRIDDHI A Journal of Physical Sciences Engineering and Technology  
The paper a risk assessment framework for a precise, unambiguous and efficient risk analysis with qualitative risk analysis methodologies and tree based techniques by exploiting the synthesis of risk analysis  ...  It is necessary to have some well-founded infrastructure for the identification of software security risks as well as the application of appropriate controls to manage risks.  ...  Methodologies such as threat/vulnerability identification, software testing and assessment, software reliability and the traditional risk assessment approaches that are used to allow risk to drive the  ... 
doi:10.18090/samriddhi.v1i1.1576 fatcat:ltbiennv5neyzj7aen7m5wju3y

Security Modeling for Web Based Visitor's Login System for Pursuance of Security Design Pattern

These activities consist of security requirements identification and threats analysis which are to be converted into design decisions to lessen the risks to identified important assets.  ...  Every system should be built by taking security as a main priority while building a system so as to make it reliable, safety and also it should be enhanced with other quality parameters.  ...  SECURITY MODELING FOR INCORPORATING THE SECURITY IN SDLC There are mainly four key stages for the embedding of the security in software development life cycle as follows.  ... 
doi:10.35940/ijitee.a4580.119119 fatcat:hedmlkcvlnf3xcosnihyirsw44

Threat Analysis and Risk Assessment for Connected Vehicles: A Survey

Feng Luo, Yifan Jiang, Zhaojing Zhang, Yi Ren, Shuo Hou, George Drosatos
2021 Security and Communication Networks  
This paper gives an overview of threat analysis and risk assessment in the automotive field. First, a novel classification of different TARA methods has been proposed.  ...  Threat analysis and risk assessment (TARA) is an efficient method to ensure the defense effect and greatly save costs in the early stage of vehicle development.  ...  Acknowledgments is work was financially supported by prospective study funding of Nanchang Automotive Innovation Institute, Tongji University (No. TPD-TC202010-13).  ... 
doi:10.1155/2021/1263820 fatcat:tai37rizlnhrbehomdi5oe3ofa

A review of cyber security risk assessment methods for SCADA systems

Yulia Cherdantseva, Pete Burnap, Andrew Blyth, Peter Eden, Kevin Jones, Hugh Soulsby, Kristan Stoddart
2016 Computers & security  
We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system.  ...  Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems.  ...  Acknowledgements This work is funded by the Airbus Group Endeavr Wales scheme under the SCADA Cyber Security Lifecycle (SCADA-CSL) programme.  ... 
doi:10.1016/j.cose.2015.09.009 fatcat:cf232dewkvcndl5ctydyuywhgq

Quantitative Security Risk Assessment for Industrial Control Systems: Research Opportunities and Challenges

Matthias Eckhart, Bernhard Brenner, Andreas Ekelhart, Edgar R. Weippl
2019 Journal of Internet Services and Information Security  
We report that the current state of quantitatively assessing cyber risks for ICSs is characterized by the absence of adequate (dynamic) security risk assessment methods tailored to the peculiarities of  ...  Risk assessment is an integral part of the risk management process in which risks are identified, analyzed, and evaluated.  ...  Acknowledgments The COMET center SBA Research (SBA-K1) is funded within the framework of COMET -Competence Centers for Excellent Technologies by BMVIT, BMDW, and the federal state of Vienna, managed by  ... 
doi:10.22667/jisis.2019.08.31.052 dblp:journals/jisis/EckhartBEW19 fatcat:ygosiipn5jc2rbkkvq5aopwulm

Attack Tree Design and Analysis of Offshore Oil and Gas Process Complex SCADA System

M. V., P. S.
2019 International Journal of Computer Applications  
Attack Trees are very important in the effort to secure Industrial Process Control Systems ( I C S ) , because they aid directly in indicating the presence of vulnerabilities in network and how attackers  ...  In this paper it will be illustrated for designing attack tree in Offshore Oil and Gas Process Complex SCADA System to identify various vulnerabilities.  ...  Meadows in his paper proposed using a graph representation to model stages of attacks on cryptographic protocols [3] .  ... 
doi:10.5120/ijca2019918440 fatcat:r5py7zdyzbe7zokfhtpldusvs4

Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice

Prosper K. Yeng, Stephen D., Bian Yang
2020 International Journal of Advanced Computer Science and Applications  
Amid many threat modelling methods, which of them is suitable for identifying cloud related threats towards the adoption of cloud computing for healthcare?  ...  Essentially, privacy related threat modeling methods such as LINDDUN framework, need to be included in these synergy of cloud related threat modelling methods towards enhancing security and privacy for  ...  In the future a development of a hybrid threat modelling framework for cloud computing in healthcare need to be considered alongside with risk identification and mitigation, and assessing the method for  ... 
doi:10.14569/ijacsa.2020.0111194 fatcat:fcp7ndid4ba3hpe7jvmzfga6a4

Towards Information Security Metrics Framework for Cloud Computing

Muhammad Imran Tariq
2012 International Journal of Cloud Computing and Services Science (IJ-CLOSER)  
The aim of this paper is to discuss security issues of cloud computing, and propose basic building blocks of information security metrics framework for cloud computing.  ...  This framework helps cloud users to create information security metrics, analyze cloud threats, processing on cloud threats to mitigate them and threat assessment.  ...  Similarly Amenaza IT Threat Tree Modeling System [35] was developed to model threats in hierarchy trees. It calculates risk of the threat and impact of the threat to get risk value.  ... 
doi:10.11591/closer.v1i4.1442 fatcat:v4kykgds7zbhnfevpnvwet6wni

Automating Risk Analysis of Software Design Models

Maxime Frydman, Guifré Ruiz, Elisa Heymann, Eduardo César, Barton P. Miller
2014 The Scientific World Journal  
These are the components of our model for automated threat modeling, AutSEC.  ...  This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling.  ...  available the vulnerability data regarding VOMS that allowed the validation of our model.  ... 
doi:10.1155/2014/805856 pmid:25136688 pmcid:PMC4090456 fatcat:jvpyti257fd55mum6yiksvnqi4

Risk management-based security evaluation model for telemedicine systems

Dong-won Kim, Jin-young Choi, Keun-hee Han
2020 BMC Medical Informatics and Decision Making  
However, with the convergence of these diverse technologies, various risks and security threats have emerged.  ...  To protect patients and improve telemedicine quality for patient safety, it is necessary to analyze these risks and security threats comprehensively and institute appropriate countermeasures.  ...  This paper provides a method of attack tree modeling and analysis for cyber risk management.  ... 
doi:10.1186/s12911-020-01145-7 pmid:32522216 pmcid:PMC7286211 fatcat:kejyg2ybjnaa3koxciboe3igry

Telecommunications Networks Risk Assessment with Bayesian Networks [chapter]

Marcin Szpyrka, Bartosz Jasiul, Konrad Wrona, Filip Dziedzic
2013 Lecture Notes in Computer Science  
We propose a solution which provides a system operator with valuation of security risk introduced by various components of the communication and information system.  ...  This risk signature of the system enables the operator to make an informed decision about which network elements shall be used in order to provide a service requested by the user while minimising security  ...  Acknowledgements Work has been partially financed by the European Regional Development Fund the Innovative Economy Operational Programme, INSIGMA project no. 01.01.02-00-062/09.  ... 
doi:10.1007/978-3-642-40925-7_26 fatcat:5uxswgogvzg7pnspbffvesd5dy

A Multi-objective Decision Support Framework for Simulation-Based Security Control Selection

E. Kiesling, C. Strausss, C. Stummer
2012 2012 Seventh International Conference on Availability, Reliability and Security  
We outline a methodological framework that accounts for characteristics of the organization, its information infrastructure, assets to be protected, the particular threat sources it faces, and the decision-makers  ...  In this paper, we report on our ongoing research on simulation-based information security risk assessment and multi-objective optimization of investment in security controls.  ...  Conceptual model Optimization Engine Step 2: Baseline Risk Assessment Step Simulation Engine Threat Modeling/ Identification Infrastructure and Asset Modeling Candidate Control Identification  ... 
doi:10.1109/ares.2012.70 dblp:conf/IEEEares/KieslingSS12 fatcat:cnswkpi6hrey5gbd6l3xxapxkq

Risk-based Decision-making System for Information Processing Systems

Serhii Zybin, National Aviation University, Kyiv, Ukraine, Yana Bielozorova
2021 International Journal of Information Technology and Computer Science  
The known methods for solving the first problem provide for the identification of risks (qualitative analysis), as well as the assessment of the probabilities and the extent of possible damage (quantitative  ...  The main idea of the proposed approach to the analysis of the impact of threats and risks in decision-making is that events that cause threats or risks are considered as a part of the decision support  ...  The known methods for solving the first problem provide for the identification of risks (qualitative analysis), as well as the assessment of the probabilities and the extent of possible damage (quantitative  ... 
doi:10.5815/ijitcs.2021.05.01 fatcat:i57qxgex6bcgfcwqe5gywnplqq
« Previous Showing results 1 — 15 out of 28,732 results