Research on Information System Risk Analysis and Security Situation Assessment Method

In order to scientifically and accurately evaluate power information system, the new power information risk evaluation method based on the genetic algorithm and BP neural network is presented. The method combining the genetic algorithm and BP algorithm can be used to train the feedforward neural network , namely, first , to use the genetic algorithm to do the global training, then ,to use BP algorithm to do local precise training ,which not only overcomes the drawbacks of the traditional BP network (the training time is long, and the network is easy to fall to local extremum),but also improves the global convergence efficiency. The method was adopted to evaluate the power information system. And findings identify that the new method has distinctive convergence speed and high predicition accuracy, which provides a new concept for power information system risk assessment.

Download Full-text

Research on Network Threat and Situation Assessment Method of Electric Power Information System

Journal of Physics Conference Series ◽

10.1088/1742-6596/1883/1/012105 ◽

2021 ◽

Vol 1883 (1) ◽

pp. 012105

Author(s):

Yunhui Liang ◽

Linghao Zhang ◽

Sheng Wang ◽

Jie Zhang ◽

Juling Zhang ◽

...

Keyword(s):

Information System ◽

Electric Power ◽

Assessment Method ◽

Situation Assessment

Download Full-text

Research on the method of information system risk state estimation based on clustering particle filter

Open Physics ◽

10.1515/phys-2017-0026 ◽

2017 ◽

Vol 15 (1) ◽

pp. 240-246 ◽

Cited By ~ 1

Author(s):

Jia Cui ◽

Bei Hong ◽

Xuepeng Jiang ◽

Qinghua Chen

Keyword(s):

Risk Assessment ◽

Information System ◽

State Estimation ◽

Particle Filtering ◽

Dynamic Assessment ◽

Assessment Method ◽

Management Control ◽

Limited Information ◽

Filtering Algorithm ◽

System Risk

Abstract With the purpose of reinforcing correlation analysis of risk assessment threat factors, a dynamic assessment method of safety risks based on particle filtering is proposed, which takes threat analysis as the core. Based on the risk assessment standards, the method selects threat indicates, applies a particle filtering algorithm to calculate influencing weight of threat indications, and confirms information system risk levels by combining with state estimation theory. In order to improve the calculating efficiency of the particle filtering algorithm, the k-means cluster algorithm is introduced to the particle filtering algorithm. By clustering all particles, the author regards centroid as the representative to operate, so as to reduce calculated amount. The empirical experience indicates that the method can embody the relation of mutual dependence and influence in risk elements reasonably. Under the circumstance of limited information, it provides the scientific basis on fabricating a risk management control strategy.

Download Full-text

Research on Method of Information System Information Security Risk Management

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.926-930.4105 ◽

2014 ◽

Vol 926-930 ◽

pp. 4105-4109

Author(s):

Xiao Li Cao

Keyword(s):

Information System ◽

Risk Management ◽

Information Systems ◽

Information Security ◽

Risk Analysis ◽

Management Approach ◽

Security Risk ◽

System Risk ◽

Information Security Risk ◽

Security Risk Management

With the popularity of the Internet and global information continues to advance organizational information systems have become an important strategic resource for the survival of the importance of information security to protect its widespread concern. Once the information security organization information system is destroyed, the Organization for Security attribute information would cause tremendous impact the organization's business operation, the losses include not only economic, but also likely to organize image, reputation is a strategic competitive advantage even fatal injuries. However, the existing information systems of information security risk management approach to information system risk analysis and assessment with specific organizational environment and business background with fragmentation, lack of risk analysis and description of the formation process, carried only consider "technical" factors security decisions, lack of full expression to achieve the desired goal of a number of decisions on organizational decision-making. Therefore, the information system to carry information security risk management is essential.

Download Full-text

FORMALIZED DESCRIPTION OF THE PROCEDURE OF INFORMATION SYSTEM RISK MANAGEMENT

VESTNIK OF ASTRAKHAN STATE TECHNICAL UNIVERSITY SERIES MANAGEMENT COMPUTER SCIENCE AND INFORMATICS ◽

10.24143/2072-9502-2018-2-61-70 ◽

2018 ◽

pp. 61-70

Author(s):

Svetlana Sergeevna Kozunova ◽

Alla Grigorievna Kravets

Keyword(s):

Information System ◽

Risk Management ◽

Negative Consequences ◽

Management Procedure ◽

System Risk ◽

Weak Points ◽

Formalized Description ◽

Relationship Of ◽

The Relationship ◽

Further Development

The article highlights the aspects of risk management in the information system. According to the analysis of the work of Russian and foreign scientists and world practices in the field of risk management, it is stated that there is a need to improve the effectiveness of risk management of information system and to develop a method for managing the risks of the information system. As a solution to the problem of effective risk management of the information system, there has been proposed a formalized procedure for managing the risks of the information system. The scientific novelty of this solution is the use of decision space and optimization space to reduce risks. This procedure allows to assess the damage, risk and effectiveness of risk management of the information system. The risks of the information system are determined and analyzed; a pyramidal risk diagram is developed. This diagram allows you to describe the relationship of risks with the components of the information system. The negative consequences to which these risks can lead are given. The analysis of methods and approaches to risk management has been carried out. Based on the results of the analysis, the methods GRAMM, CORAS, GOST R ISO / IEC scored to the maximum. The weak points of these methods and the difficulty of applying these methods in practice are described. The developed formalized risk management procedure to control the risks of information system can be used as management system’s element of the information security quality that complies with the recommendations of GOST R ISO / IEC 27003-2012. The prospect of further development of the research results is the development of management systems of risk of information system.

Download Full-text

IRISK METHOD FOR SECURITY ESTIMATION OF THE SIMULATION POLYGON FOR THE PROTECTION OF CRITICAL INFORMATION RESOURCES

Visnyk Universytetu “Ukraina” ◽

10.36994/2707-4110-2019-2-23-27 ◽

2019 ◽

Author(s):

Bogdan Korniyenko ◽

Lilia Galata

Keyword(s):

Risk Assessment ◽

Information System ◽

Information Security ◽

Risk Analysis ◽

Information Resources ◽

Security System ◽

Assessment System ◽

Automated System ◽

Information Risk ◽

Critical Information

In this article, the research of information system protection by ana ly zing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techni ques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the deter mi nation of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simula tion ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerabili ty — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vul nerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system. The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

Download Full-text

Hierarchical network threat situation assessment method for DDoS based on D-S evidence theory

2017 IEEE International Conference on Intelligence and Security Informatics (ISI) ◽

10.1109/isi.2017.8004873 ◽

2017 ◽

Cited By ~ 2

Author(s):

Liu Zihao ◽

Zhang Bin ◽

Zhu Ning ◽

Li Lixun

Keyword(s):

Evidence Theory ◽

Assessment Method ◽

Hierarchical Network ◽

Situation Assessment ◽

Threat Situation

Download Full-text

Risk Analysis of Information System Security Based on Distance of Information-State Transition

Wuhan University Journal of Natural Sciences ◽

10.1007/s11859-018-1312-3 ◽

2018 ◽

Vol 23 (3) ◽

pp. 210-218 ◽

Cited By ~ 1

Author(s):

Chao Zhou ◽

Ping Pan ◽

Xinyue Mao ◽

Liang Huang

Keyword(s):

Information System ◽

Risk Analysis ◽

State Transition ◽

System Security ◽

Information System Security ◽

Information State

Download Full-text

Cyber Modeling and Simulation and System Risk Analysis

An Introduction to Cyber Modeling and Simulation ◽

10.1002/9781119420842.ch9 ◽

2018 ◽

pp. 101-124

Keyword(s):

Risk Analysis ◽

Modeling And Simulation ◽

System Risk

Download Full-text

Research Methodology of the Method of Optimization of Information Interaction in the Aspect of Solving the User's Problem

Telecom IT ◽

10.31854/2307-1303-2019-7-4-50-58 ◽

2019 ◽

Vol 7 (4) ◽

pp. 50-58

Author(s):

M. Buinevich ◽

P. Kurta

Keyword(s):

Information System ◽

Scientific Research ◽

Interaction Model ◽

Software Tool ◽

Assessment Method ◽

Performance Criteria ◽

Model Interaction ◽

Scenario Optimization ◽

Information Interaction ◽

Scientific Results

Research subject. Information interaction of the user with the information system. Objective. Improving the efficiency of user interaction with the information system to solve the main problem by customizing its interface and work script. Core results. The proposed methodology of scientific research aimed at achieving the goal, and consisting of 3 steps. As a result of each of them, the following main scientific results are expected to be obtained: interaction model, interaction assessment method, interaction optimization method. Also, it is expected to obtain private scientific results: the classification of the disadvantages of interaction, the influence of its parameters on the final efficiency, the architecture of the interface and scenario optimization system. Main conclusions. The proposed research scheme is scientifically correct and allows you to conduct a fullfledged scientific research and achieve the goal of the work. As a result, a method and a software tool will be developed that will make it possible to adjust a specific interface and a scenario for its work according to its own performance criteria - potency, operativeness and resource efficiency; at the same time, the general logic of solving the problem by the information system will remain unchanged.

Download Full-text