An Approach for Intentional Modeling of Web Services Security Risk Assessment

2010 ◽  
pp. 1888-1902
Author(s):  
Subhas C. Misra ◽  
Vinod Kumar ◽  
Uma Kumar

In this chapter, we provide a conceptual modeling approach for Web services security risk assessment that is based on the identification and analysis of stakeholder intentions. There are no similar approaches for modeling Web services security risk assessment in the existing literature; the approach is thus novel in this domain. The approach is helpful for performing means-end analysis, thereby uncovering the structural origin of security risks in WS and how the root causes of such risks can be controlled from the early stages of projects. The approach addresses “why” the process is the way it is by exploring the strategic dependencies between the actors of a security system, and by analyzing the motivations, intents, and rationales behind the different entities and activities that constitute the system.

2011 ◽  
Vol 181-182 ◽  
pp. 799-803
Author(s):  
Yan Li Xu ◽  
Ling Ling Wang

To strengthen network security and to enhance the accuracy of network security risk assessment, this paper applies game analysis to the protective mechanisms of a security system. Using the basic theory of games together with an analytical and comparative method, and proposing a network security and physical model for the security system, this process protects and improves network security. In setting up the model, we did not rely on traditional game theory but instead set the game behavior of a large number of players in terms of the limit of groups in the model, and paid more attention to the detection system reaching a state of stability. Analysis shows that the proposed models and the method are feasible and effective.


2014 ◽  
Vol 10 (2) ◽  
pp. 13-27 ◽  
Author(s):  
Ali Mohammad Padyab ◽  
Tero Päivärinta ◽  
Dan Harnesk

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. The organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based approach to information security risk assessment in order to orient toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying the organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.


Author(s):  
Ines Meriah ◽  
Latifa Ben Arfa Rabai

This research work presents existing security ontologies and identifies relevant security ontology requirements in information systems. Moreover, it proposes a new classification of security ontologies in which two main families, namely ontologies based on security standards and ontologies based on security risk assessment, are defined. For each family, a set of related research works is selected and a thorough description of their security ontologies is presented. The purpose of this analysis is to identify security ontology requirements as well as ontological characteristics for each study, in order to help a security decision maker select an ontology based on their security risks and requirements as well as the security models and standards they need. By selecting the appropriate ontology, security stakeholders support security compliance and risk assessment in an enterprise.


2014 ◽  
Vol 15 (6) ◽  
pp. 527-532 ◽  
Author(s):  
Zhang Jianye ◽  
Zeng Qinshun ◽  
Song Yiyang ◽  
Li Cunbin

To assess and prevent smart grid information security risks more effectively, this paper provides a quantitative risk index calculation method based on an absorbing Markov chain, overcoming the deficiencies of earlier work, in which links between system components were not taken into consideration and studies were mostly limited to static evaluation. The method avoids the shortcomings of traditional expert scoring, with its significant subjective factors, and also considers the links between information system components, which makes the risk index system closer to reality. Then, a smart grid information security risk assessment model based on set pair analysis improved by a Markov chain is established. Using the identity, discrepancy, and contradiction of the connection degree to dynamically reflect the trend of smart grid information security risk, and combining it with the Markov chain to calculate the connection degree of the next period, the model implements smart grid information security risk assessment comprehensively and dynamically. Finally, this paper proves that the established model is scientific, effective, and feasible for dynamically evaluating smart grid information security risks.


Encyclopedia ◽  
2021 ◽  
Vol 1 (3) ◽  
pp. 602-617
Author(s):  
Ievgeniia Kuzminykh ◽  
Bogdan Ghita ◽  
Volodymyr Sokolov ◽  
Taimur Bakhshi

Information security risk assessment is an important part of enterprises’ management practices that helps to identify, quantify, and prioritize risks against criteria for risk acceptance and objectives relevant to the organization. Risk management refers to a process consisting of the identification, management, and elimination or reduction of the likelihood of events that can negatively affect the resources of the information system. Its goal is to reduce the security risks that could affect the information system, subject to an acceptable cost of protection means; it comprises risk analysis, analysis of the “cost-effectiveness” parameter, and the selection, construction, and testing of the security subsystem, as well as the study of all aspects of security.



2019 ◽  
pp. 1711-1729 ◽  
Author(s):  
Nancy R. Mead ◽  
Saeed Abu-Nimeh

Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present the SQUARE security requirements method. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They then present a privacy elicitation technique and subsequently combine security risk assessment techniques with privacy risk assessment techniques. The authors discuss prototype tools that have been developed to support SQUARE for security and privacy as well as recent workshops that have focused on additional results in the security and privacy requirements area. Finally, the authors suggest future research and case studies needed to further contribute to early lifecycle activities that will address security and privacy-related issues.


Author(s):  
Libor Hadacek ◽  
Lenka Sivakova ◽  
Radovan Sousek ◽  
Mikael Zeegers

The aim of the paper is to inform about the possibilities of using fuzzy logical deduction in security practice. Fuzzy logic deduction allows management experience to be recorded in IF-THEN rules and does not require a precise description of the parameters of the controlled function. This property is an important asset for risk assessment in an incompletely defined environment. The application of the method is demonstrated on the security risk assessment of the physical protection of the national railway, with a focus on the corridor railway lines and with regard to the future construction of high-speed railway lines in the Czech Republic. At present, it is a generally accepted fact that securing basic transport functions is a prerequisite for successful crisis management. These functions can be specified as road and rail negotiability.

