Information Security Risk Propagation Model Based on the SEIR Infectious Disease Model for Smart Grid

Information, 2019, Vol 10 (10), pp. 323
Author(s): Boyu Zhu, Song Deng, Yunan Xu, Xinya Yuan, Zi Zhang

With the high integration of smart grid information and physical systems, the security of information systems must affect the safe and stable operation of physical systems. Risk assessment is an effectual means to objectively evaluate the information security threats of the smart grid. However, the existing risk assessment methods aim at solving the threat of security risks in communication networks and information systems in the smart grid, and there is no in-depth study on how information security risks spread between information systems and physical systems in the smart grid. Therefore, based on the traditional infectious disease transmission theory, the information security risk propagation model based on the Susceptible–Exposed–Infected–Recovered (SEIR) infectious disease model for smart grid (ISRP-SEIRIDM) is proposed in this paper. In ISRP-SEIRIDM, we analyze the information interaction between information collection devices and define the connection of nature and the security risks between the information collection devices in the smart grid. At the same time, we also study the impact of the number of information acquisition devices and information interaction capabilities of these devices on the speed of security risk transmission between information systems and physical systems in the smart grid and the maximum risk range. Experimental results show that the risk propagation range can be significantly reduced by optimizing the data interaction capability and information transmission path between information collection devices in the smart grid; when the probability of transition from a susceptible state to an exposed state is reduced by 0.15, the maximum spread and average spread of security risk will be reduced by 7% and 1.96%, respectively.

2014, Vol 15 (6), pp. 527-532
Author(s): Zhang Jianye, Zeng Qinshun, Song Yiyang, Li Cunbin

To assess and prevent smart grid information security risks more effectively, this paper provides a quantitative risk index calculation method based on an absorbing Markov chain to overcome the deficiencies that links between system components were not taken into consideration and that studies were mostly limited to static evaluation. The method avoids the shortcomings of traditional Expert Score with significant subjective factors and also considers the links between information system components, which makes the risk index system closer to reality. Then, a smart grid information security risk assessment model on the basis of set pair analysis improved by Markov chain was established. Using the identity, discrepancy, and contradiction of connection degree to dynamically reflect the trend of smart grid information security risk and combining with the Markov chain to calculate connection degree of the next period, the model implemented the smart grid information security risk assessment comprehensively and dynamically. Finally, this paper proves that the established model is scientific, effective, and feasible to dynamically evaluate the smart grid information security risks.


2015, Vol 11 (4), pp. 52-69
Author(s): Janine L. Spears, Tonia San Nicolas-Rocca

Community-based organizations (CBOs) in the health and human services sector handle very sensitive client information, such as psychiatric, HIV testing, criminal justice, and financial records. With annual revenue often in the range of $1 to $10 million, these organizations typically lack the financial, labor, and technical resources to identify and manage information security risks within their environment. Therefore, information security risk assessments were conducted at CBOs as part of a university service learning course intended to ultimately improve security within participating CBOs. Knowledge transfer between trainees and trainers is essential in order for security improvements to be realized. Therefore, this paper constructs a theoretical model of knowledge transfer that is used as a lens through which to examine initial study results of the CBO interventions as part of an exploratory study.


JOURNAL ASRO, 2018, Vol 9 (2), pp. 107
Author(s): Arie Marbandi, Ahmadi Ahmadi, Adi Bandono, Okol S Suharyo

Handling information security management is an absolute necessity for organizations that have information systems to support the organization's operations. Information systems consist of assets, both software and hardware, that manage data and information spread over networks and the internet, which makes them vulnerable to threats. Therefore investment and costs are needed to secure them. Costs incurred for this need are not small, and investment expenditures and information security costs need serious handling to be more effective and on target. The System Dynamics Model is used to evaluate alternative strategies to demonstrate the effectiveness of investment and the cost of managing information security through simulation of policy changes. System Dynamics is a method for describing models and systems analysis that are dynamic and complex, consisting of variables that influence each other in the form of causal relationships and feedback between variables that are either reinforcing or giving balance. Simulation using a dynamic system model in this study illustrates that the management of risk assessment followed by vulnerability reduction efforts has a very large impact on the management of information security. By making a difference in the value of security tools investment, this provides an alternative choice in information security risk management investments to achieve the effectiveness of the overall costs incurred in managing information security.


2020, Vol 44 (4)
Author(s): M. M. Zaporozhchenko

One of the key requirements for the protection of an organization's information assets is to ensure proper information security risk management. In the process of risk management, risks should be identified, assessed, analyzed and processed in order to change the value of risk to an acceptable level. The article proposes to consider ways to reduce information risks that may be caused by critical categories of threats and vulnerabilities.


2013, Vol 24 (1), pp. 36-57
Author(s): June Wei, Binshan Lin, Meiga Loho-Noya

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.


2008, pp. 2849-2864
Author(s): Sanjay Goel, Damira Pon

There is a strong need for information security education, which stems from the pervasiveness of information technology in business and society. Both government departments and private industries depend on information systems, as information systems are widespread across all business functions. Disruption of critical operational information systems can have serious financial impacts. According to a CSI/FBI report (2004), losses from security breaches have risen rapidly in recent years and exceeded $200 million in 2003. The information security field is very diverse and combines disciplines such as computer science, business, information science, engineering, education, psychology, criminal justice, public administration, law, and accounting. The broad interdisciplinary nature of information security requires several specialists to collaboratively teach the curriculum and integrate different perspectives and teaching styles into a cohesive delivery. This chapter presents a pedagogical model based on a “teaching hospital” concept that addresses the issues introduced above. By using a specific information-risk-analysis case, the chapter highlights the basic concept of the teaching hospital and its application in teaching and learning contexts.


2014, Vol 10 (2), pp. 13-27
Author(s): Ali Mohammad Padyab, Tero Päivärinta, Dan Harnesk

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.


2013, Vol 663, pp. 17-20
Author(s): Hua Xie, Xu Zhang, Hui Chang Niu

In this work, the spreading trends and spreading processes of fire risk in an Underground Commercial Street were digitalized by analogy with the ‘infection propagation’ model, and a dynamic fire risk model was established with the consideration of fire risk flow. This investigation will provide effective data support for the initial planning, design and fire prevention in various stages of an Underground Commercial Street.

