Factor identification and computation in the assessment of information security risks for digital libraries

2016 ◽  
Vol 51 (1) ◽  
pp. 78-94 ◽  
Author(s):  
Shuiqing Huang ◽  
Zhengbiao Han ◽  
Bo Yang ◽  
Ni Ren
Keyword(s):  
Information Security ◽  
Digital Library ◽  
Digital Libraries ◽  
Public Library ◽  
Weighted Average ◽  
Assessment Method ◽  
Security Risk ◽  
Security Risks ◽  
Assignment Method ◽  
The Status

This study proposes an objective methodology for identifying and computing the factors relevant to the assessment of information security risks for digital libraries that is also compliant with the ISO 27000 and the GB/T 20984 standards. By introducing a fuzzy comprehensive assessment method and an expert investigation method to the dimensions of assets and threats, this study proposes a model for computing the value of assets and the severity of threats. In the dimension of vulnerabilities, a vulnerability computation model based on the multi-channel weighted average method is proposed. By considering the digital library of a typical public library in China as the object of assessment, this study acquires assessment data by using a combination of a questionnaire survey, an on-site survey and vulnerability scanning. Research findings consisted of the following: (1) the digital library identified a total of 3111 information security risk items; (2) according to the assessment results attained using a combination of the factor identification and computational methodologies proposed here in conjunction with the multiplicative method specified in GB/T 20984, the high-risk (or higher risk) items accounted for 0.9% of all risky items, which is consistent with the status quo in information security risks faced by digital libraries. The analysis showed that the proposed methodology is more scientific than the currently prevailing direct value assignment method.

Development of an E-Healthcare Information Security Risk Assessment Method

2013 ◽  
Vol 24 (1) ◽  
pp. 36-57 ◽  
Author(s):  
June Wei ◽  
Binshan Lin ◽  
Meiga Loho-Noya
Keyword(s):  
Risk Factors ◽  
Information Security ◽  
Information Flow ◽  
Assessment Method ◽  
Assessment Model ◽  
Risk Level ◽  
Security Risk ◽  
Security Risks ◽  
Healthcare Information ◽  
Information Security Risk

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.

Genre-Based Approach to Assessing Information and Knowledge Security Risks

2014 ◽  
Vol 10 (2) ◽  
pp. 13-27 ◽  
Author(s):  
Ali Mohammad Padyab ◽  
Tero Päivärinta ◽  
Dan Harnesk
Keyword(s):  
Risk Assessment ◽  
Information Security ◽  
Assessment Method ◽  
Organizational Dynamics ◽  
Future Research ◽  
Security Risk ◽  
Security Risks ◽  
Risk Assessment Method ◽  
Information Security Risk ◽  
Security Risk Assessment

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.

Development of an E-Healthcare Information Security Risk Assessment Method

2015 ◽  
pp. 248-269
Author(s):  
June Wei ◽  
Binshan Lin ◽  
Meiga Loho-Noya
Keyword(s):  
Risk Factors ◽  
Information Security ◽  
Information Flow ◽  
Assessment Method ◽  
Risk Level ◽  
Security Risk ◽  
Security Risks ◽  
Healthcare Information ◽  
Information Security Risk ◽  
Security Risk Assessment

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.

Genre-Based Approach to Assessing Information and Knowledge Security Risks

2015 ◽  
pp. 1237-1253
Author(s):  
Ali Mohammad Padyab ◽  
Tero Päivärinta ◽  
Dan Harnesk
Keyword(s):  
Risk Assessment ◽  
Information Security ◽  
Assessment Method ◽  
Organizational Dynamics ◽  
Future Research ◽  
Security Risk ◽  
Security Risks ◽  
Risk Assessment Method ◽  
Information Security Risk ◽  
Security Risk Assessment

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.

Knowledge Transfer in Information Security Capacity Building for Community-Based Organizations

2015 ◽  
Vol 11 (4) ◽  
pp. 52-69 ◽  
Author(s):  
Janine L. Spears ◽  
Tonia San Nicolas-Rocca
Keyword(s):  
Service Learning ◽  
Information Security ◽  
Knowledge Transfer ◽  
Initial Study ◽  
Security Risk ◽  
Security Risks ◽  
Community Based ◽  
Services Sector ◽  
Community Based Organizations ◽  
Study Results

Community-based organizations (CBOs) in the health and human services sector handle very sensitive client information, such as psychiatric, HIV testing, criminal justice, and financial records. With annual revenue often in the range of $1 to $10 million, these organizations typically lack the financial, labor, and technical resources to identify and manage information security risks within their environment. Therefore, information security risk assessments were conducted at CBOs as part of a university service learning course intended to ultimately improve security within participating CBOs. Knowledge transfer between trainees and trainers is essential in order for security improvements to be realized. Therefore, this paper constructs a theoretical model of knowledge transfer that is used as a lens through which to examine initial study results of the CBO interventions as part of an exploratory study.

scholarly journals Information Security Risk Propagation Model Based on the SEIR Infectious Disease Model for Smart Grid

Information ◽  
2019 ◽  
Vol 10 (10) ◽  
pp. 323 ◽  
Author(s):  
Boyu Zhu ◽  
Song Deng ◽  
Yunan Xu ◽  
Xinya Yuan ◽  
Zi Zhang
Keyword(s):  
Infectious Disease ◽  
Information Systems ◽  
Information Security ◽  
Smart Grid ◽  
Disease Model ◽  
Propagation Model ◽  
Information Collection ◽  
Security Risk ◽  
Security Risks ◽  
Physical Systems

With the high integration of smart grid information and physical systems, the security of information systems must affect the safe and stable operation of physical systems. Risk assessment is an effectual means to objectively evaluate the information security threats of the smart grid. However, the existing risk assessment methods are aim at solving the threat of security risks in communication networks and information systems in the smart grid, but there is no in-depth study on how the spread of information security risks between information systems and physical systems in the smart grid. Therefore, based on the traditional infectious disease transmission theory, the information security risk propagation model based on the Susceptible–Exposed–Infected–Recovered (SEIR) infectious disease model for smart grid (ISRP-SEIRIDM) is proposed in this paper. In ISRP-SEIRIDM, we analyze the information interaction between information collection devices and define the connection of nature and the security risks between the information collection devices in the smart grid. At the same time, we also study the impact of the number of information acquisition devices and information interaction capabilities of these devices on the speed of security risk transmission between information systems and physics systems in the smart grid and the maximum risk range. Experimental results show that the risk propagation range can be significantly reduced by optimizing the data interaction capability and information transmission path between information collection devices in the smart grid; when a probability from a susceptible state to an exposed state reduces by 0.15, the maximum spread and average spread of security risk will be reduced by 7% and 1.96%, respectively.

scholarly journals Analysis and identification of ways to reduce critical information security risks

2020 ◽  
Vol 44 (4) ◽  
Author(s):  
M. M. Zaporozhchenko ◽  
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Acceptable Level ◽  
Security Risk ◽  
Security Risks ◽  
Critical Information ◽  
Information Security Risk ◽  
Information Assets ◽  
Security Risk Management

One of the key requirements for the protection of an organization's information assets is to ensure proper information security risk management. In the process of risk management, they should be identified, assessed, analyzed and processed in order to change the value of risk to an acceptable level. The article proposes to consider ways to reduce information risks that may be caused by critical categories of threats and vulnerabilities.

Sign in / Sign up

Export Citation Format

Share Document