METHODOLOGICAL APPROACH TO FORMALIZED ASSESSMENT OF THE EFFECTIVENESS OF A NETWORK INFORMATION SECURITY TOOL FOR AN AUTOMATED SYSTEM

2021 ◽  
pp. 17-33
Author(s):  
A.V. ANISHCHENKO ◽  
D.V. CHUPRIN

The relevance is substantiated, and the calculation relations for computing the components of the integral performance indicator – private performance indicators – based on the technical characteristics of the network information security tool of an automated information and telecommunications system are determined. A variant of applying the proposed methodological approach is presented using the example of multifunctional firewalls.

2009 ◽  
Vol 38 (38) ◽  
pp. 161-167 ◽  
Author(s):  
Dmitry Kryukov ◽  
Raimonds Strauss

Information security governance as key performance indicator for financial institutions

Due to their nature financial institutions and their performance are in constant focus of attention from different stakeholder groups. These groups according to their functions and interests are implementing different sets of key performance indicators for financial institution performance assessment. In the proposed paper authors present a hypothesis of information security governance being a financial institution key performance indicator. Authors provide high level overview of existing situation in key performance indicator domain for financial institutions. The overview of stakeholder groups interested in financial institution performance management is provided. In the same way as corporate governance is treated as financial and operational performance reflecting and influencing factor, information security governance as a component of corporate governance, according to authors' opinion, should be treated as key performance indicator for financial institutions. In the paper the most indicative financial performance indicators as well as their calculation methods are defined for financial institutions. The paper contains overview of information security assessment models and researches in this field. Authors have chosen information security maturity model to use in testing hypothesis. The paper contains description of calculation methodology for financial performance indicators and information security maturity indicators. The hypothesis has been proved performing analysis of correlation between calculated financial performance indicators and information security governance model indicators for chosen Latvian financial institutions.


2017 ◽  
Vol 19 (1(63)) ◽  
pp. 244-251
Author(s):  
O.V. Riabkova

The main objective of the article is to determine the main economic indicators of the effectiveness of machine-building enterprises in the monitoring system. To optimize, you need to know what is wrong or ineffective, so it is necessary to measure various aspects of business processes that reflect the performance of the enterprise. To do this, a monitoring system of the economic performance indicators of the enterprise is used. The article therefore generalizes existing approaches to evaluating business performance and results analysis using their validity. The criteria for evaluating the integral index of effectiveness of a machine-building enterprise are determined, as are its components, which are determined by the basic business processes and the business processes of development. The partial indicators of effectiveness are considered in the context of the three-dimensional criterion format "cost - time - quality". The criteria for the indicators of the individual components and the integral performance indicator are defined on the basis of typical Harrington scale intervals and correspond to the following levels: high, sufficient, satisfactory, inadequate and critical. Evaluating effectiveness with the proposed methodological approach provides a basis for defining a list of existing problems and providing substantiated proposals for the implementation of corrective and/or preventive measures aimed at improving the company's performance. Using such an assessment will give managers the opportunity to receive regular analytical information to monitor the performance of the enterprise, assess the relevance of the company's current activities to its strategic goals and prospects of development, and respond in a timely manner to organizational changes. We see prospects for further research in determining the ratio of the proposed performance indicators to the traditional economic indicators of machine-building enterprises.


Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata

In this article, the research of information system protection by analyzing the risks for identifying threats to information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techniques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities of the automated system, their advantages and disadvantages, and the possibility of further comparison of the resources spent and the security of the information system, a conclusion was made regarding the determination of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. The generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerability (vulnerability assessment), Threat (threat assessment), and Control (assessment of security measures). The methodology includes the common CVSS vulnerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as to have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system.
The known software and hardware vulnerabilities of the ground are considered, and the resistance of the built network to specific threats is calculated by the iRisk method.


2020 ◽  
Author(s):  
Ke Zeng ◽  
Weiguo Zhu ◽  
Caiyou Wang ◽  
Liyan Zhu

BACKGROUND: The rapid spread of COVID-19 has created a severe challenge to China’s healthcare system. Hospitals across the country reacted quickly under the leadership of the Chinese government and implemented a range of informatization measures to effectively respond to the COVID-19.

OBJECTIVE: To understand the impact of the pandemic on the medical business of Chinese hospitals and the difficulties faced by hospital informatization construction. To discuss the application of hospital informatization measures during the COVID-19 pandemic. To summarize the practical experience of hospitals using information technology to fight the pandemic.

METHODS: Performing a cross-sectional on-line questionnaire survey in Chinese hospitals, of which the participants are invited including hospital information staff, hospital administrators, medical staff, etc. Statistical analyzing the collected data by using SPSS version 24.

RESULTS: A total of 804 valid questionnaires (88.45%) are collected in this study from 30 provinces in mainland China, of which 731 (90.92%) were filled out by hospital information staff. 473 (58.83%) hospitals are tertiary hospitals while the remaining 331 (41.17%) are secondary hospitals. The majority hospitals (82.46%) had a drop in their business volume during the pandemic and a more substantial drop is found in tertiary hospitals. 70.40% (n=566) of hospitals have upgraded or modified their information systems in response to the epidemic. The proportion of tertiary hospitals that upgraded or modified systems is significantly higher than that of secondary hospitals. Internet hospital consultation (70.52%), pre-check and triage (62.56%), telemedicine (60.32%), health QR code (57.71%), and telecommuting (50.87%) are the most used informatization anti-pandemic measures. There are obvious differences in the application of information measures between tertiary hospitals and secondary hospitals. Among these measures, most of them (41.17%) are aiming at serving patients and most of them (62.38%) are universal which continue to be used after pandemic. The informatization measures are mostly used to control the source of infection (48.19%), such as health QR Code, etc. During the pandemic, the main difficulties faced by the hospital information department are “information construction projects are hindered” (58.96%) and “increased difficulty in ensuring network information security” (58.58%). There are significant differences in this issue between tertiary hospitals and secondary hospitals. The shortcomings of hospital informatization that should be made up for are “shorten patient consultation time and optimize consultation process” (72.51%), “Ensure network information security” (72.14%) and “build internet hospital consultations platform” (59.95%).

CONCLUSIONS: A significant number of innovative medical information technology have been used and played a significant role in all phases of COVID-19 prevention and control in China. Since the COVID-19 brought many challenges and difficulties for informatization work, hospitals need to constantly improve their own information technology skills to respond to public health emergencies that arise at any moment.


2005 ◽  
Vol 5 (2) ◽  
pp. 161
Author(s):  
C. R. Che Hassan ◽  
M. J. Pitt ◽  
A. J. Wilday

The development of the audit method has included the identification of possible performance indicators at each level of the sociotechnical pyramid for a range of areas of work in which accidents have been shown to occur most frequently. The measurement of performance indicators is part of a feedback loop which causes safety improvements. Integration of performance indicators into the audit system has been tested at three operating chemical industries in Terengganu and Selangor in Malaysia. A summary of the weaknesses of the similar elements identified in the three audited plants is presented. Analysis of the approach used enables the identification of deficiencies in safety management aspects. Keywords: Accidents, audit, deficiencies, performance indicators, safety management, and sociotechnical pyramid.


2014 ◽  
Vol 701-702 ◽  
pp. 919-922
Author(s):  
Hong Fei Xu ◽  
Si Rui Pang ◽  
Jian Wen Du ◽  
Xue Mei Li

A power information security system with three lines of defense is constructed to achieve in-depth protection of the information network, the information outside the network, and the scheduling data network. According to the information security protection requirements, starting from the overall structure of the information systems, taking the scheduling and production system as the core of the information system, and based on an independently researched and developed core information security isolation unit, three lines of defense are set up in the power information systems, providing partition protection for the electricity secondary system, the information network systems, and the information systems outside the network.

