Cybersecurity Risk Assessment of Information Systems of Critical Infrastructure Objects

Author(s): Volodymyr Mokhor, Serhii Honchar, Alla Onyskova
Electronics, 2021, Vol 10 (15), pp. 1819
Author(s): Rasa Bruzgiene, Konstantinas Jurgilas

Information systems of critical infrastructure provide services on which the core functions of a state and its economy depend as well as welfare of society. Such systems are becoming an increasingly common target for crimes and attacks in cyberspace, as their vulnerabilities can be exploited for malicious activities seeking financial or political gain. One of the main reasons that threatens the security of these systems is the weak control of remote access, otherwise defined as management of a system’s user identity. Management of user identity depends on user authentication, authorization and the assignment of certain rights in the digital space. This paper provides the proposed two-factor (2FA) digital authentication method for remote access to an information system of a critical infrastructure. Results of testing the method’s usability and resilience to cyber threats have shown that the system, in which the method was implemented, is protected from dangerous HTTP requests and publicly available system’s endpoints are protected from threatening inputs that could cause malicious activities on the critical infrastructure. Additionally, the implementation of the authentication API application ensures the rapidity of the method for less than 500 ms for 100 users working in parallel with the system at the same time.


Author(s): Guido Schryen, Felix Wex

Natural disasters, including earthquakes, tsunamis, floods, hurricanes, and volcanic eruptions, have caused tremendous harm and continue to threaten millions of humans and various infrastructure capabilities each year. In their efforts to take countermeasures against the threats posed by future natural disasters, the United Nations formulated the “Hyogo Framework for Action”, which aims at assessing and reducing risk. This framework and a global review of disaster reduction initiatives of the United Nations acknowledge the need for information systems research contributions in addressing major challenges of natural disaster management. In this paper, the authors provide a review of the literature with regard to how information systems research has addressed risk assessment and reduction in natural disaster management. Based on the review, the authors identify research gaps that are centered around the need for acquiring general knowledge on how to design IS artifacts for risk assessment and reduction. In order to close these gaps in further research, the authors develop a research agenda that follows the IS design science paradigm.


Author(s): Virginia Franke Kleist, Bonnie Morris, James W. Denton

Based on an actual company, this case focuses on Business Continuity Planning issues for a small but growing software company, Municipal Software Solutions, Inc. (MSS). The firm experienced a catastrophic fire which completely eliminated all aspects of the information systems infrastructure, including the software product code repository, the client access infrastructure, the hardware operations center, and the software design facility. Fortunately, no one was harmed, and the firm survived despite the fact that it did not have a formal disaster recovery plan in place. MSS was very lucky. The case can be used in conjunction with coverage of risk assessment concepts in the context of the availability component of systems reliability and trust of services management. Accordingly, it is appropriate for use in courses covering information systems security, accounting information systems, or IT audit.

