Risk Assessment of Security Requirements of Banking Information Systems Based on Attack Patterns

Author(s):
Krissada Rongrat, Twittie Senivongse

2020, pp. 2-13
Author(s):
Vadim Kuchurov, Roman Maximov, Roman Sherstobitov, ...

Regulators require that information security threats be countered by protecting the structural and functional characteristics of an information system, so that its information security requirements are met. These characteristics include the structure and composition of the information system, the information technologies and operating characteristics it relies on, and the physical, logical, functional and technological interconnections between its segments. The regulators list the emulation of false (decoy) information system components as a basic protection measure, together with hiding the information technologies in use, managing the information system configuration, and switching the system to a predetermined configuration that provides protection. However, these measures are not part of the basic set, and their protection goals are reached with compensating controls: formalising and implementing prohibitive orders and a set of organisational and technical measures directed at the threat source. The purpose of the research is to identify and state the main directions in the search for new technical solutions for masking the structure of distributed information systems in cyberspace by means of masking traffic, while taking into account the requirements for timely information exchange. The research method is operations research under uncertainty, applying the theory of Markov processes and the Kolmogorov equations to the problem of increasing the efficiency of masking exchange. The result of the research is the probabilistic and temporal characteristics of the operation of the data transmission network when technical solutions for masking information systems in cyberspace are applied. The results make it possible to implement explicitly those protection measures that aim to form persistent false stereotypes in violators (attackers) about the information systems and the control processes implemented with them.


2018, Vol 26 (4), pp. 472-490
Author(s):
Nikolaos Argyropoulos, Konstantinos Angelopoulos, Haralambos Mouratidis, Andrew Fish

Purpose The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a structured method to support crucial security decisions during a system's design that can take account of risk whilst providing feedback on the optimal decisions within specific scenarios would be valuable. Design/methodology/approach Secure Tropos is a well-established security requirements engineering methodology, but it has no concept of Risk, whilst Constrained Goal Models are an existing method to support relevant automated reasoning tasks. Hence we bridge these methods by extending Secure Tropos to incorporate the concept of Risk, so that the elicitation and analysis of security requirements can be complemented by a systematic risk assessment process at a system's design time, and so that reasoning about the selection of optimal security configurations with respect to multiple system objectives and constraints can be supported via constrained goal models. Findings As a means of conceptual evaluation, to give an idea of the applicability of the approach and to check whether alterations may be desirable, a case study of its application to an e-government information system is presented. The proposed approach is able to generate security mechanism configurations for the multiple optimisation scenarios that are provided; its main limitation is a natural trade-off in the level of risk-assessment detail that has to be elicited from stakeholders. Originality/value The proposed approach adds value through its flexibility in permitting the consideration of different optimisation scenarios by prioritising different system goals, and through its automated reasoning support.


2017, Vol 31 (3), pp. 101-114
Author(s):
Esperanza Huerta, Scott Jensen

ABSTRACT Forty-six academics and practitioners participated in the second Journal of Information Systems Conference to discuss data analytics and Big Data from an accounting information systems perspective. The panels discussed the evolving role of technology in accounting, privacy within the domain of Big Data, and people and Big Data. Throughout all three panels, several topics emerged that impact all areas of accounting—developing enhanced analytical and data handling skills; evaluating privacy, security requirements, and risks; thinking creatively; and assessing the threat of automation to the accounting profession. Other topics were specific to a segment of the profession, such as the growing demand for privacy compliance audits and the curriculum adjustments necessary to develop data analytic skills. This commentary synthesizes and expands the discussions of the conference panels and suggests potential areas for future research.


Author(s):
Prashant Kumar Patra, Padma Lochan Pradhan

Access control is the mechanism by which a system grants or revokes a subject's right to access an object. Over a Unix file system (UFS), subjects and objects integrate, synchronise, communicate and are optimised through the read, write and execute permissions. The access control mechanism mediates each and every request for the system resources, applications and data maintained by an operating system, and determines whether the request should be approved, created, granted or denied in accordance with top management policy. The access control mechanism (ACM), its management and its decisions are enforced by implementing the regulations established by a security policy. Management has to examine the basic concepts behind access control design and enforcement, and identify the different security requirements that may need to be taken into consideration. The authors formulate and implement several ACMs, normalising and optimising them step by step, as highlighted in the proposed model for development and production use. This research paper contributes an optimisation model whose objective is to determine the optimal cost and time, and to maximise the quality of service, to be invested in the security model and mechanisms when deciding on the major components of UFS. The model is applied to ACM utilities on a web portal server in an object-oriented, distributed environment. The ACM is intended to resolve the uncertainty, un-order, un-formal and un-set-up (U^4) problems of a web portal at the right time and place, anywhere and at any time around the globe, and to make performance, fault tolerance, throughput, benchmarking and risk assessment more measurable and accountable for any application.
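The mediation described above, where every (subject, object, operation) request is checked against the object's owner, group and read/write/execute bits before being granted or denied, can be made concrete. The following is an added worked example, not code from the paper or the authors' ACM: a reference-monitor style check over Unix-style mode bits. The Subject and FsObject types, the root-override rule (modelled on Linux CAP_DAC_OVERRIDE semantics), the fail-closed handling of unknown objects and the sample requests are all assumptions constructed for illustration.

```python
"""Added example: a reference-monitor style access check over Unix-style
owner/group/other mode bits.  Illustrative code, not the paper's ACM; the
data types, root override rule and sample requests are constructed
assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    uid: int
    gid: int
    groups: frozenset = frozenset()   # supplementary group ids (assumed)


@dataclass(frozen=True)
class FsObject:
    path: str
    uid: int          # owning user
    gid: int          # owning group
    mode: int         # permission bits only, e.g. 0o640


# Permission bit for each mediated operation inside one rwx triplet.
OP_BITS = {"read": 0o4, "write": 0o2, "execute": 0o1}
CLASS_SHIFT = {"owner": 6, "group": 3, "other": 0}


def permission_class(subject: Subject, obj: FsObject) -> str:
    """Select exactly one class.  Unix DAC never falls through: an owner is
    judged only by the owner triplet, even when the 'other' bits are wider."""
    if subject.uid == obj.uid:
        return "owner"
    if subject.gid == obj.gid or obj.gid in subject.groups:
        return "group"
    return "other"


def is_allowed(subject: Subject, obj: FsObject, op: str) -> bool:
    """Decide a single (subject, object, operation) request."""
    if op not in OP_BITS:
        raise ValueError(f"unknown operation: {op}")
    if subject.uid == 0:
        # Assumed root override (mirrors Linux CAP_DAC_OVERRIDE): read and
        # write bypass the mode bits; execute still needs at least one x bit.
        return op != "execute" or bool(obj.mode & 0o111)
    shift = CLASS_SHIFT[permission_class(subject, obj)]
    return bool((obj.mode >> shift) & OP_BITS[op])


def mediate(requests, objects):
    """Mediate every request; unknown objects are denied (fail closed).
    Returns (path, op, uid, decision) tuples suitable for an audit log."""
    decisions = []
    for subject, path, op in requests:
        obj = objects.get(path)
        granted = obj is not None and is_allowed(subject, obj, op)
        decisions.append((path, op, subject.uid, "granted" if granted else "denied"))
    return decisions


# Constructed sample objects and subjects (not real system data).
OBJECTS = {
    "/srv/portal/config.ini": FsObject("/srv/portal/config.ini", uid=1000, gid=50, mode=0o640),
    "/srv/portal/run.sh":     FsObject("/srv/portal/run.sh",     uid=1000, gid=50, mode=0o750),
    "/srv/portal/locked":     FsObject("/srv/portal/locked",     uid=1000, gid=50, mode=0o077),
}
OWNER  = Subject(uid=1000, gid=50)
MEMBER = Subject(uid=1001, gid=100, groups=frozenset({50}))
OTHER  = Subject(uid=1002, gid=100)
ROOT   = Subject(uid=0, gid=0)

REQUESTS = [
    (OWNER,  "/srv/portal/config.ini", "write"),
    (MEMBER, "/srv/portal/config.ini", "write"),
    (OTHER,  "/srv/portal/config.ini", "read"),
    (OWNER,  "/srv/portal/locked",     "read"),     # owner denied although 'other' may read
    (OTHER,  "/srv/portal/locked",     "read"),
    (ROOT,   "/srv/portal/config.ini", "execute"),  # root still needs an x bit
    (MEMBER, "/srv/portal/missing",    "read"),     # unknown object: fail closed
]

if __name__ == "__main__":
    for entry in mediate(REQUESTS, OBJECTS):
        print("%-26s %-8s uid=%-5d %s" % entry)
```

The two cases worth noting for a practitioner are the `locked` object, where the owner is denied read access even though every other user is allowed it (class selection is exclusive, it does not take the union of triplets), and the root execute request, which is still refused when no execute bit is set.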


Author(s):
Guido Schryen, Felix Wex

Natural disasters, including earthquakes, tsunamis, floods, hurricanes and volcanic eruptions, have caused tremendous harm and continue to threaten millions of humans and various infrastructure capabilities each year. In their efforts to take countermeasures against the threats posed by future natural disasters, the United Nations formulated the "Hyogo Framework for Action", which aims at assessing and reducing risk. This framework and a global review of disaster reduction initiatives of the United Nations acknowledge the need for information systems research contributions in addressing major challenges of natural disaster management. In this paper, the authors review the literature on how information systems research has addressed risk assessment and reduction in natural disaster management. Based on the review, the authors identify research gaps that centre on the need for general knowledge on how to design IS artifacts for risk assessment and reduction. In order to close these gaps in further research, the authors develop a research agenda that follows the IS design science paradigm.


Author(s):
Jeffrey S. Zanzig, Guillermo A. Francia III, Xavier P. Francia

The dependence of businesses on properly functioning information systems to allow organizational personnel and outside investors to make important decisions has never been more pronounced. Information systems are constantly evolving due to operational and security requirements. These changes to information systems involve a risk that they could occur in a way that results in improper processing of information and/or security issues. The purpose of this chapter is to consider related guidance provided in a Global Technology Audit Guide (GTAG) from The Institute of Internal Auditors in conjunction with current change and patch management literature in order to assist internal auditors and organizational personnel in better understanding a process that leads to efficient and effective information system changes. The authors describe how internal auditors and information technology professionals can work together with organization management to form a mature approach in addressing both major information system changes and patches.


Author(s):
Anirban Sengupta, Chandan Mazumdar

As enterprises become dependent on information systems, the need for effective Information Security Governance (ISG) assumes significance. ISG manages risks relating to the confidentiality, integrity and availability of information, and its supporting processes and systems, in an enterprise. Even a medium-sized enterprise contains a huge collection of information and other assets. Moreover, risks evolve rapidly in today’s connected digital world. Therefore, the proper implementation of ISG requires automation of the various monitoring, analysis, and control processes. This can be best achieved by representing information security requirements of an enterprise in a standard, structured format. This paper presents such a structured format in the form of Enterprise Security Requirement Markup Language (ESRML) Version 2.0. It is an XML-based language that considers the elements of ISO 27002 best practices.

