scholarly journals Mathematical model for selecting a contractor to assess information security risks

2020 ◽  
Vol 23 (2) ◽  
pp. 36-41
Author(s):  
A. S. Koltays ◽  
◽  
A. A. Shatrova ◽  
A. A. Shelupanov ◽  
◽  
...  
Keyword(s):  
Mathematical Model ◽  
Information Security ◽  
Security Risks

scholarly journals A mathematical model of information security for a mining company

2020 ◽  
Vol 174 ◽  
pp. 04012
Author(s):  
Aleksandr Kirenberg ◽  
Aleksey Medvedev ◽  
Evgeniya Prokopenko
Keyword(s):  
Mathematical Model ◽  
Information Security ◽  
Cost Effective ◽  
Economic Security ◽  
Economic Systems ◽  
Security Risks ◽  
Mining Company ◽  
The Relationship ◽  
A Company ◽  
Efficiency Indicators

The relationship between the concepts of information and economic security in terms of their use in assessing the efficiency of business planning in a company using standard efficiency indicators (NPV) is discussed in the article. The necessity of using optimization models and methods for solving problems of information and economic security in a company is substantiated. A mathematical model has been developed to minimize the information security risks of a cost-effective company in the form of a two-objective linear optimal control problem. The conclusion is drawn about the possibility of using a mathematical model of information and economic security, as a component in the analysis of the investment attractiveness of economic systems and, in particular, small and medium- sized businesses.

scholarly journals Constructing a model for the dynamic evaluation of vulnerability in software based on public sources

2021 ◽  
Vol 6 (2 (114)) ◽  
pp. 19-29
Author(s):  
Yuliia Tatarinova ◽  
Olga Sinelnikova
Keyword(s):  
Mathematical Model ◽  
Information Security ◽  
Technical Information ◽  
General System ◽  
Security Risks ◽  
Dynamic Evaluation ◽  
System A ◽  
Neuro Fuzzy ◽  
The Cost ◽  
The Impact

One of the key processes in software development and information security management is the evaluation of vulnerability risks. Analysis and evaluation of vulnerabilities are considered a resource-intensive process that requires high qualifications and a lot of technical information. The main opportunities and drawbacks of existing systems for evaluation of vulnerability risks in software, which include the lack of consideration of the impact of trends and the degree of popularity of vulnerability on the final evaluation, were analyzed. During the study, the following information was analyzed in the structured form: the vector of the general system of vulnerability evaluation, the threat type, the attack vector, the existence of the original code with patches, exploitation programs, and trends. The obtained result made it possible to determine the main independent characteristics, the existence of a correlation between the parameters, the order, and schemes of the relationships between the basic magnitudes that affect the final value of evaluation of vulnerability impact on a system. A dataset with formalized characteristics, as well as expert evaluation for further construction of a mathematical model, was generated. Analysis of various approaches and methods for machine learning for construction of a target model of dynamic risk evaluation was carried out: neuro-fuzzy logic, regression analysis algorithms, neuro-network modeling. A mathematical model of dynamic evaluation of vulnerability risk in software, based on the dynamics of spreading information about a vulnerability in open sources and a multidimensional model with an accuracy of 88.9 %, was developed. Using the obtained model makes it possible to reduce the analysis time from several hours to several minutes and to make a more effective decision regarding the establishment of the order of patch prioritization, to unify the actions of experts, to reduce the cost of managing information security risks

Knowledge Transfer in Information Security Capacity Building for Community-Based Organizations

2015 ◽  
Vol 11 (4) ◽  
pp. 52-69 ◽  
Author(s):  
Janine L. Spears ◽  
Tonia San Nicolas-Rocca
Keyword(s):  
Service Learning ◽  
Information Security ◽  
Knowledge Transfer ◽  
Initial Study ◽  
Security Risk ◽  
Security Risks ◽  
Community Based ◽  
Services Sector ◽  
Community Based Organizations ◽  
Study Results

Community-based organizations (CBOs) in the health and human services sector handle very sensitive client information, such as psychiatric, HIV testing, criminal justice, and financial records. With annual revenue often in the range of $1 to $10 million, these organizations typically lack the financial, labor, and technical resources to identify and manage information security risks within their environment. Therefore, information security risk assessments were conducted at CBOs as part of a university service learning course intended to ultimately improve security within participating CBOs. Knowledge transfer between trainees and trainers is essential in order for security improvements to be realized. Therefore, this paper constructs a theoretical model of knowledge transfer that is used as a lens through which to examine initial study results of the CBO interventions as part of an exploratory study.

scholarly journals THE EXTANDING OF ECONOMIC-COST MODEL OF INFORMATION SECURITY RISKS MANAGMENT BY THE USE OF SOCIAL-PSYCHOLOGICAL TYPES OF INTRUDERS

2015 ◽  
Vol 17 (1) ◽  
Author(s):  
Олександр Євгенійович Архипов ◽  
Андрій Володимирович Скиба ◽  
Олена Іванівна Хоріна
Keyword(s):  
Information Security ◽  
Cost Model ◽  
Economic Cost ◽  
Social Psychological ◽  
Security Risks ◽  
Psychological Types

scholarly journals Use of entropy approach for information security risks assessment

2016 ◽  
Vol 4 (2) ◽  
pp. 255-261
Author(s):  
Volodymyr Mokhor ◽  
Vasyl Tsurkan ◽  
Yaroslav Dorohyi ◽  
Serhii Mykhailov ◽  
Oleksandr Bakalynskyi ◽  
...  
Keyword(s):  
Information Security ◽  
Security Risks ◽  
Risks Assessment

scholarly journals Analytical geometry approach for information security risks analyses

2015 ◽  
Vol 3 (1) ◽  
pp. 60-67
Author(s):  
Volodymyr Mokhor ◽  
Vitalii Bezshtanko ◽  
Serhii Honchar ◽  
Hryhorii Kravtsov ◽  
Ihor Kotsiuba ◽  
...  
Keyword(s):  
Information Security ◽  
Security Risks ◽  
Analytical Geometry

Security Information and Event Management Implementation Guidance

2013 ◽  
pp. 94-115
Author(s):  
Yushi Shen ◽  
Yale Li ◽  
Ling Wu ◽  
Shaofeng Liu ◽  
Qian Wen
Keyword(s):  
Information Security ◽  
Security Analysis ◽  
The United States ◽  
Professional Judgment ◽  
Event Management ◽  
Security Risks ◽  
Customer Information ◽  
Simple Step ◽  
Security Information ◽  
Security As A Service

This chapter is about guidance and implementation prepared by the Cloud Security Alliance (CSA) Security as a Service (SecaaS) workgroup, which is made up of users and practitioners in the field of information security. In preparing this implementation guide, input has been sought from experts throughout Europe, the Middle East, and the United States. A lot of professional judgment and experience are applied in the architecture, engineering, and implementation of a Security Information and Event Management (SIEM) guide to ensure that it logs the information necessary to successfully increase visibility and remove ambiguity, surrounding the security events and risks that an organization faces. By providing SIEM as a service under SecaaS, the provider has to be able to accept log and event information, customer information and event feeds, and conduct information security analysis, correlation, and support incident response. By providing flexible real-time access to SIEM information, it allows the party consuming the SIEM service to identify threats acting against their environment cloud. This identification then allows for the appropriate action and response to be taken to protect or mitigate the threat. The simple step of increasing visibility and removing ambiguity is a powerful tool to understanding the information security risks that an organization is facing.

Socio-Technical Determinants of Information Security Perceptions in US Local Governments

2016 ◽  
Vol 12 (3) ◽  
pp. 1-20
Author(s):  
Eunjung Shin ◽  
Eric W. Welch
Keyword(s):  
Local Government ◽  
Information Security ◽  
Local Governments ◽  
Security Policy ◽  
Organizational Design ◽  
Online Media ◽  
Electronic Information ◽  
Security Risks ◽  
Decentralized Decision Making ◽  
Using Data

Concerns about electronic information security in government have increased alongside increased use of online media. However, to date, few studies have examined the social mechanisms influencing electronic information security. This article applies a socio-technical framework to model how technical, organizational and environmental complexities limit electronic information security perceived by local government managers. Furthermore, it examines to what extent organizational design buffers security risks. Using data from a 2010 national survey of local government managers, this article empirically tests the proposed model in the context of U.S. local government's online media use. Findings show that, in addition to technical complexity, organizational and environmental complexities are negatively associated with local managers' awareness of and confidence in electronic information security. On the other hand, internal security policy and decentralized decision-making appear to buffer security risks and enhance perceived information security.

Sign in / Sign up

Export Citation Format

Share Document