Combination of D-AHP and Grey Theory for the Assessment of the Information Security Risks of Smart Grids

2020, Vol 2020, pp. 1-14
Author(s): Hua Dong, Jun Zhao, Xiaoyu Yang, Kun Yang

As a modern power infrastructure, smart grids have great advantages over traditional power grids, but their effective operation is largely restricted by information security. Hence, a smart grid information security risk assessment (ISRA) method is proposed. This method uses D numbers to improve the classical analytic hierarchy process (D-AHP), making it independent of experts’ subjective qualitative assessment, and is then integrated with grey theory, which does not require complete and unambiguous information. First, we establish a smart grid ISRA system according to the characteristics and development reality of smart grid technology. The proposed system includes 5 first-level indexes (intelligent terminal, wireless communication channel, password security, application code, and embedded system) and 13 corresponding secondary indexes. Second, a D-AHP method aimed at the uncertainty of human subjective judgment and the fuzziness of language assessment is used to obtain the weight of each index. The D-AHP method is then combined with the grey assessment matrix solved by grey theory to obtain the comprehensive assessment value and corresponding risk grade. With a smart grid demonstration project in Suzhou, China, as an example, an empirical study is carried out using expert scoring. The comprehensive assessment risk value is 3.8199, and the corresponding risk level is moderate. The results of this work could serve as a reference for the information security protection of smart grids.

Electronics, 2020, Vol 9 (6), pp. 989
Author(s): Anhao Xiang, Jun Zheng

Home area networks (HANs) are the most vulnerable part of smart grids since they are not directly controlled by utilities. Device authentication is one of the most important mechanisms to protect the security of smart grid-enabled HANs (SG-HANs). In this paper, we propose a situation-aware scheme for efficient device authentication in SG-HANs. The proposed scheme utilizes the security risk information assessed by the smart home system with a situational awareness feature. A suitable authentication protocol with adequate security protection and computational and communication complexity is then selected based on the assessed security risk level. A protocol design of the proposed scheme considering two security risk levels is presented in the paper. The security of the design is verified by using both formal verification and informal security analysis. Our performance analysis demonstrates that the proposed scheme is efficient in terms of computational and communication costs.


Author(s): Baha Abu-Shaqra, Rocci Luppicini

Ethical hacking is an important information security risk management strategy within higher education, applied against the growing threat of hacking attacks. Confusion regarding the meaning and ethics of ethical hacking within broader society, which resonates within organizations, undermines information security. Confusion within organizations increases unpredictability (equivocality) in the information environment, which raises the risk level. Taking a qualitative exploratory case study approach, this chapter pairs technoethical inquiry theory with Karl Weick's sensemaking model to explore the meanings, ethics, uses and practices, and value of ethical hacking in a Canadian university and applies the technoethical inquiry decision-making grid (TEI-DMG) as an ethical decision-making model. Findings point to the need to expand the communicative and sociocultural considerations involved in decision making about ethical hacking organizational practices, and to security awareness training to leverage sensemaking opportunities and reduce equivocality in the information environment.


Information, 2019, Vol 10 (10), pp. 323
Author(s): Boyu Zhu, Song Deng, Yunan Xu, Xinya Yuan, Zi Zhang

With the high integration of smart grid information and physical systems, the security of information systems must affect the safe and stable operation of physical systems. Risk assessment is an effectual means to objectively evaluate the information security threats of the smart grid. However, the existing risk assessment methods aim at solving the threat of security risks in communication networks and information systems in the smart grid, and there is no in-depth study on how information security risks spread between information systems and physical systems in the smart grid. Therefore, based on the traditional infectious disease transmission theory, the information security risk propagation model based on the Susceptible–Exposed–Infected–Recovered (SEIR) infectious disease model for smart grid (ISRP-SEIRIDM) is proposed in this paper. In ISRP-SEIRIDM, we analyze the information interaction between information collection devices and define the connection of nature and the security risks between the information collection devices in the smart grid. At the same time, we also study the impact of the number of information acquisition devices and the information interaction capabilities of these devices on the speed of security risk transmission between information systems and physical systems in the smart grid and on the maximum risk range. Experimental results show that the risk propagation range can be significantly reduced by optimizing the data interaction capability and information transmission path between information collection devices in the smart grid; when the probability of moving from a susceptible state to an exposed state is reduced by 0.15, the maximum spread and average spread of security risk will be reduced by 7% and 1.96%, respectively.


2013, Vol 24 (1), pp. 36-57
Author(s): June Wei, Binshan Lin, Meiga Loho-Noya

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.


2011, Vol 187, pp. 575-580
Author(s): Ning Xu, Dong Mei Zhao

Information security risk assessment is an important part of security engineering in information systems. It has been a focus of research in information security fields worldwide. This paper designs and realizes a new model of information security risk assessment based on the AHP method. In this case, in order to estimate the network security risk by the AHP method, one should first identify the most related factors and establish the Threat Identification Hierarchical Model and the Vulnerability Identification Hierarchical Model for information security risks. Then, every two elements are compared to determine the relative importance of each element. Finally, the comprehensive weight of each element is judged. The case study shows that the method can be easily applied to the risk assessment of network security. The results are in accord with reality.


2015, pp. 248-269
Author(s): June Wei, Binshan Lin, Meiga Loho-Noya

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.

