A Bayesian Assessment Method of Network Risk

2014 ◽  
Vol 513-517 ◽  
pp. 1684-1687
Author(s):  
Ji Wen Huang ◽  
Zhi Long Deng

Based on a systematic analysis of information security risk factors and of the evaluation process, and aiming at the uncertain information that is difficult to quantify during evaluation, this paper applies a Bayesian network inference algorithm: the conditional probability matrices of the Bayesian network are given by expert knowledge and combined with inference rules to form an evaluation model of information security risk. Finally, an instance of the risk assessment approach is analyzed on the model, which demonstrates the rationality and feasibility of the method; it thus provides a new method for information security assessment.

Author(s):  
Kristian Herland ◽  
Heikki Hämmäinen ◽  
Pekka Kekolahti

This study comprises an information security risk assessment of smartphone use in Finland using Bayesian networks. The primary research method is a knowledge-based approach to build a causal Bayesian network model of information security risks and consequences. The risks, consequences, probabilities and impacts are identified from domain experts in a 2-stage interview process with 8 experts as well as from existing research and statistics. This information is then used to construct a Bayesian network model which lends itself to different use cases such as sensitivity and scenario analysis. The identified risks' probabilities follow a long tail wherein the most probable risks include unintentional data disclosure, failures of device or network, shoulder surfing or eavesdropping, and loss or theft of device. Experts believe that almost 50% of users share more information with other parties through their smartphones than they acknowledge or would be willing to share. This study contains several implications for consumers and indicates a clear need for increasing security awareness among smartphone users.


2013 ◽  
Vol 24 (1) ◽  
pp. 36-57 ◽  
Author(s):  
June Wei ◽  
Binshan Lin ◽  
Meiga Loho-Noya

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model that presents thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close, ranging from 55% to 86%. Third, a quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.


2014 ◽  
Vol 10 (2) ◽  
pp. 13-27 ◽  
Author(s):  
Ali Mohammad Padyab ◽  
Tero Päivärinta ◽  
Dan Harnesk

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.


2013 ◽  
Vol 756-759 ◽  
pp. 1469-1473
Author(s):  
Hong Chen

Cloud computing has recently gained tremendous momentum because of the potential for significant cost reduction and increased operating efficiency in computing. However, along with these benefits come added security challenges. In this paper, we recommend that enterprises assess the security risk of cloud computing, discuss the standard information security risk assessment method and process, and propose an information security risk assessment framework for cloud computing environments.


2011 ◽  
Vol 187 ◽  
pp. 575-580 ◽  
Author(s):  
Ning Xu ◽  
Dong Mei Zhao

Information security risk assessment is an important part of security engineering in information systems and has been a focus of research in information security worldwide. This paper designs and realizes a new model of information security risk assessment based on the AHP method. To estimate network security risk with AHP, one first identifies the most relevant factors and establishes a Threat Identification Hierarchical Model and a Vulnerability Identification Hierarchical Model for information security risks. Then every pair of elements is compared to determine the relative importance of each element. Finally, the comprehensive weight of each element is judged. The case study shows that the method can easily be applied to network security risk assessment, and the results are in accord with reality.
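The AHP procedure in this abstract (a hierarchy of threat and vulnerability factors, pairwise comparison of elements, and a comprehensive weight per element) is compact enough to show end to end. The example below is added here and is not the paper's own model or data: the two-level hierarchy, the element names and every pairwise judgement are constructed for illustration, and it adds the consistency ratio check that AHP practitioners apply before trusting a judgement matrix, which the abstract does not mention.

```python
"""AHP priority weights and consistency check for a two-level risk-factor hierarchy.

Added example, not the paper's own model or data: the hierarchy and every
pairwise judgement below are constructed to illustrate the method.
"""

# Saaty's random consistency index by matrix order n (n = 1..10).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def check_reciprocal(a):
    """A judgement matrix must be square, have 1 on the diagonal and a[j][i] == 1/a[i][j]."""
    n = len(a)
    for i in range(n):
        assert len(a[i]) == n, "matrix must be square"
        assert a[i][i] == 1, "diagonal must be 1"
        for j in range(n):
            assert abs(a[i][j] * a[j][i] - 1) < 1e-9, f"a[{i}][{j}] and a[{j}][{i}] are not reciprocals"


def priority_vector(a, iterations=200):
    """Saaty's eigenvector method: principal right eigenvector (normalised) and lambda_max."""
    check_reciprocal(a)
    n = len(a)
    w = [1.0 / n] * n
    for _ in range(iterations):                       # power iteration
        aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]
    aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    return w, lambda_max


def consistency_ratio(a):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); CR > 0.1 means revisit the judgements."""
    n = len(a)
    _, lambda_max = priority_vector(a)
    if n <= 2:
        return 0.0                                    # 1x1 and 2x2 reciprocal matrices are always consistent
    return ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]


def comprehensive_weights(criteria, criteria_matrix, elements, element_matrices):
    """Global weight of each leaf element = weight of its criterion * its local weight."""
    crit_w, _ = priority_vector(criteria_matrix)
    result = {}
    for criterion, cw in zip(criteria, crit_w):
        local_w, _ = priority_vector(element_matrices[criterion])
        for name, lw in zip(elements[criterion], local_w):
            result[name] = cw * lw
    return result


# Constructed hierarchy: two criteria, three elements under each.
CRITERIA = ["threats", "vulnerabilities"]
CRITERIA_MATRIX = [[1, 2], [1 / 2, 1]]               # threats judged twice as important
ELEMENTS = {
    "threats": ["malware", "unauthorised access", "denial of service"],
    "vulnerabilities": ["unpatched software", "weak passwords", "open services"],
}
ELEMENT_MATRICES = {
    "threats": [[1, 3, 5], [1 / 3, 1, 3], [1 / 5, 1 / 3, 1]],
    "vulnerabilities": [[1, 1, 2], [1, 1, 2], [1 / 2, 1 / 2, 1]],
}
# A judgement set that contradicts itself (A > B, B > C, yet C > A); AHP should flag it.
INCONSISTENT = [[1, 3, 1 / 5], [1 / 3, 1, 3], [5, 1 / 3, 1]]

if __name__ == "__main__":
    for c in CRITERIA:
        w, lam = priority_vector(ELEMENT_MATRICES[c])
        print(f"{c}: weights={[round(x, 3) for x in w]} lambda_max={lam:.3f} "
              f"CR={consistency_ratio(ELEMENT_MATRICES[c]):.3f}")
    print(f"inconsistent judgements: CR={consistency_ratio(INCONSISTENT):.2f}")
    ranked = comprehensive_weights(CRITERIA, CRITERIA_MATRIX, ELEMENTS, ELEMENT_MATRICES)
    for name, gw in sorted(ranked.items(), key=lambda kv: -kv[1]):
        print(f"{name:22s} {gw:.3f}")
```

The consistency ratio is the check worth keeping from this: a 1-9 scale judgement set that is transitive enough gives CR well under 0.1, while the cyclic `INCONSISTENT` matrix produces a CR above 1, and weights computed from it would be meaningless however plausible they look.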


2019 ◽  
Vol 14 (6) ◽  
pp. 743-758 ◽  
Author(s):  
Donatas Vitkus ◽  
Žilvinas Steckevičius ◽  
Nikolaj Goranin ◽  
Diana Kalibatienė ◽  
Antanas Čenys

Information security risk analysis is a compulsory requirement both for regulatory documents and for the information security management decision-making process. Some researchers propose using expert systems (ES) for process automation, but this approach requires the creation of a high-quality knowledge base. A knowledge base can be formed from expert knowledge or from information collected from other sources. The problem with this approach is that experts and good-quality knowledge sources are expensive. In this paper we propose a solution to the problem by providing an automated ES knowledge base development method. The method is novel since, unlike other methods, it does not integrate the ontology directly but uses automated transformation of existing information security ontology elements into ES rules: the OWL RL (Web Ontology Language, RL profile) subset of the ontology is segregated into Resource Description Framework (RDF) triples, which are transformed into Rule Interchange Format (RIF); the RIF rules are then converted into Java Expert System Shell (JESS) knowledge base rules. The experiments performed have shown the principal applicability of the method. The created knowledge base was later verified by performing comparative risk analysis in a sample company.

