A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis

2014 ◽  
Vol 256 ◽  
pp. 57-73 ◽  
Author(s):  
Nan Feng ◽  
Harry Jiannan Wang ◽  
Minqiang Li
Author(s):  
Hoh Peter In ◽  
Young-Gab Kim ◽  
Taek Lee ◽  
Chang-Joo Moon ◽  
Yoonjung Jung ◽  
...  

2015 ◽  
Vol 22 (4) ◽  
pp. 403-423 ◽  
Author(s):  
Önder Ökmen ◽  
Ahmet Öztaş

Purpose – Actual costs frequently deviate from the estimated costs in either favorable or adverse direction in construction projects. Conventional cost evaluation methods do not take the uncertainty and correlation effects into account. In this regard, a simulation-based cost risk analysis model, the Correlated Cost Risk Analysis Model, previously has been proposed to evaluate the uncertainty effect on construction costs in case of correlated costs and correlated risk-factors. The purpose of this paper is to introduce the detailed evaluation of the Cost Risk Analysis Model through scenario and sensitivity analyses. Design/methodology/approach – The evaluation process consists of three scenarios with three sensitivity analyses in each and 28 simulations in total. During applications, the model’s important parameter called the mean proportion coefficient is modified and the user-dependent variables like the risk-factor influence degrees are changed to observe the response of the model to these modifications and to examine the indirect, two-sided and qualitative correlation capturing algorithm of the model. Monte Carlo Simulation is also applied on the same data to compare the results. Findings – The findings have shown that the Correlated Cost Risk Analysis Model is capable of capturing the correlation between the costs and between the risk-factors, and operates in accordance with the theoretical expectancies. Originality/value – Correlated Cost Risk Analysis Model can be preferred as a reliable and practical method by the professionals of the construction sector thanks to its detailed evaluation introduced in this paper.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Mohammad Osama ◽  
Aly Sherif ◽  
Mohamed Badawy

Purpose – This paper aims to enlighten the importance of the risk management process which is considered as a major procedure to effectively handle the potential inherent risks in the construction industry. However, most traditional risk analysis techniques are based on theories that deal with each risk factor as independent, which does not take into consideration the causal relationships between risk factors. Design/methodology/approach – This study aspires to identify the overall risk of the administrative construction projects in Egypt and to recognize the most influencing risk factors through the project life cycle by using Bayesian belief networks (BBN). Through a review of the literature, 27 risk factors were identified and categorized as the most common risk factors in the construction industry. A structured questionnaire was performed to estimate the probability and severity of these risks. Through site visits and interviews with experts in the construction field, 200 valid questionnaires were collected. A risk analysis model was developed using BBNs, then the applicability of this model was verified using a case study in Egypt. Findings – However, the outcome showed that critical risks that manipulate administrative construction projects in Egypt were corruption and bribery, contractor financial difficulties, force majeure, damage to the structure and defective material installation. Practical implications – The proposed study presents the possibilities available to the project parties to obtain a better forecast of the project objectives, including the project duration, total project cost and the target quality by examining the causal relationships between project risks and project objectives. Originality/value – This study aspires to identify the overall risk of the administrative construction projects in Egypt and to recognize the most influencing risk factors through the project life cycle by using BBNs.


2014 ◽  
Vol 998-999 ◽  
pp. 1595-1600
Author(s):  
Hui Kai Gao ◽  
Lin Ying Xu ◽  
Cai Hong Li

Human and objective factors in bid evaluation might bring some risks to the relevant project. Therefore, an evaluation results-oriented model is developed for analyzing the projects' risks. The risk analysis model analyzes bidders’ evaluation results data by adopting the C4.5 algorithm, and then conducts risk analysis based on statistical theory and classification rules of the decision tree. The experiment result shows that the model could correctly detect risk factors of the bid-winning enterprise, issue early warnings of the potential risks during the project implementation, and provide suggestions to cope with the risks.


2008 ◽  
pp. 2849-2864
Author(s):  
Sanjay Goel ◽  
Damira Pon

There is a strong need for information security education, which stems from the pervasiveness of information technology in business and society. Both government departments and private industries depend on information systems, as information systems are widespread across all business functions. Disruption of critical operational information systems can have serious financial impacts. According to a CSI/FBI report (2004), losses from security breaches have risen rapidly in recent years and exceeded $200 million in 2003. The information security field is very diverse and combines disciplines such as computer science, business, information science, engineering, education, psychology, criminal justice, public administration, law, and accounting. The broad interdisciplinary nature of information security requires several specialists to collaboratively teach the curriculum and integrate different perspectives and teaching styles into a cohesive delivery. This chapter presents a pedagogical model based on a “teaching hospital” concept that addresses the issues introduced above. By using a specific information-risk-analysis case, the chapter highlights the basic concept of the teaching hospital and its application in teaching and learning contexts.


Sensors ◽  
2021 ◽  
Vol 21 (11) ◽  
pp. 3583
Author(s):  
Zhansheng Liu ◽  
Xintong Meng ◽  
Zezhong Xing ◽  
Antong Jiang

Safety management in hoisting is the key issue to determine the development of prefabricated building construction. However, the security management in the hoisting stage lacks a truly effective method of information physical fusion, and the safety risk analysis of hoisting does not consider the interaction of risk factors. In this paper, a hoisting safety risk management framework based on digital twin (DT) is presented. The digital twin hoisting safety risk coupling model is built. The proposed model integrates the Internet of Things (IoT), Building Information Modeling (BIM), and a security risk analysis method combining the Apriori algorithm and complex network. The real-time perception and virtual–real interaction of multi-source information in the hoisting process are realized, the association rules and coupling relationship among hoisting safety risk factors are mined, and the time-varying data information is visualized. Demonstration in the construction of a large-scale prefabricated building shows that with the proposed framework, it is possible to complete the information fusion between the hoisting site and the virtual model and realize the visual management. The correlative relationship among hoisting construction safety risk factors is analyzed, and the key control factors are found. Moreover, the efficiency of information integration and sharing is improved, the gap of coupling analysis of security risk factors is filled, and effective security management and decision-making are achieved with the proposed approach.


2010 ◽  
Vol 3 (2) ◽  
Author(s):  
Zack Jourdan ◽  
R. Kelly Rainer, Jr. ◽  
Thomas E. Marshall ◽  
F. Nelson Ford

Despite a growing number and variety of information security threats, many organizations continue to neglect implementing information security policies and procedures. The likelihood that an organization’s information systems can fall victim to these threats is known as information systems risk (Straub & Welke, 1998). To combat these threats, an organization must undergo a rigorous process of self-analysis. To better understand the current state of this information security risk analysis (ISRA) process, this study deployed a questionnaire using both open-ended and closed-ended questions administered to a group of information security professionals (N=32). The qualitative and quantitative results of this study show that organizations are beginning to conduct regularly scheduled ISRA processes. However, the results also show that organizations still have room for improvement to create idyllic ISRA processes.

