A Bayesian networks-based security risk analysis model for information systems integrating the observed cases with expert experience

There is a strong need for information security education, which stems from the pervasiveness of information technology in business and society. Both government departments and private industries depend on information systems, as information systems are widespread across all business functions. Disruption of critical operational information systems can have serious financial impacts. According to a CSI/FBI report (2004), losses from security breaches have risen rapidly in recent years and exceeded $200 million in 2003. The information security field is very diverse and combines disciplines such as computer science, business, information science, engineering, education, psychology, criminal justice, public administration, law, and accounting. The broad interdisciplinary nature of information security requires several specialists to collaboratively teach the curriculum and integrate different perspectives and teaching styles into a cohesivedelivery. This chapter presents a pedagogical model based on a “teaching hospital” concept that addresses the issues introduced above. By using a specific information-risk-analysis case, the chapter highlights the basic concept of the teaching hospital and its application in teaching and learning contexts.

Download Full-text

Physical and logical Security Risk Analysis model

2011 Carnahan Conference on Security Technology ◽

10.1109/ccst.2011.6095895 ◽

2011 ◽

Cited By ~ 1

Author(s):

Koldo Pecina ◽

Alfonso Bilbao ◽

Enrique Bilbao

Keyword(s):

Risk Analysis ◽

Security Risk ◽

Analysis Model

Download Full-text

Credit Risk Analysis Model in Microfinance Institutions in Peru Through the use of Bayesian Networks

2019 Congreso Internacional de Innovación y Tendencias en Ingenieria (CONIITI ) ◽

10.1109/coniiti48476.2019.8960694 ◽

2019 ◽

Author(s):

Eduardo Alarcon Morales ◽

Brian Mora Ramos ◽

Jimmy Armas Aguirre ◽

David Mauricio Sanchez

Keyword(s):

Risk Analysis ◽

Bayesian Networks ◽

Credit Risk ◽

Microfinance Institutions ◽

Analysis Model ◽

Credit Risk Analysis

Download Full-text

A Probabilistic Estimation Model for Information Systems Security Risk Analysis

2009 International Conference on Management and Service Science ◽

10.1109/icmss.2009.5303998 ◽

2009 ◽

Cited By ~ 1

Author(s):

Nan Feng ◽

Jing Xie ◽

Deying Fang

Keyword(s):

Information Systems ◽

Risk Analysis ◽

Security Risk ◽

Information Systems Security ◽

Estimation Model ◽

Probabilistic Estimation ◽

Systems Security

Download Full-text

An Investigation Of Organizational Information Security Risk Analysis

Journal of Service Science (JSS) ◽

10.19030/jss.v3i2.368 ◽

2010 ◽

Vol 3 (2) ◽

Cited By ~ 1

Author(s):

Zack Jourdan ◽

R. Kelly Rainer, Jr. ◽

Thomas E. Marshall ◽

F. Nelson Ford

Keyword(s):

Information Systems ◽

Information Security ◽

Risk Analysis ◽

Security Threats ◽

Security Risk ◽

Current State ◽

Policies And Procedures ◽

Organizational Information ◽

Quantitative Results ◽

Information Security Risk

Despite a growing number and variety of information security threats, many organizations continue to neglect implementing information security policies and procedures. The likelihood that an organization’s information systems can fall victim to these threats is known as information systems risk (Straub & Welke, 1998). To combat these threats, an organization must undergo a rigorous process of self-analysis. To better understand the current state of this information security risk analysis (ISRA) process, this study deployed a questionnaire using both open-ended and closed ended questions administered to a group of information security professionals (N=32). The qualitative and quantitative results of this study show that organizations are beginning to conduct regularly scheduled ISRA processes. However, the results also show that organizations still have room for improvement to create idyllic ISRA processes.

Download Full-text

Cyber Security Risk Analysis Model Composed with Activity-quality and Architecture Model

Proceedings of the International Conference on Computer, Networks and Communication Engineering (ICCNCE 2013) ◽

10.2991/iccnce.2013.151 ◽

2013 ◽

Cited By ~ 5

Author(s):

Jinsoo Shin ◽

Hanseong Son ◽

Gyunyoung Heo

Keyword(s):

Risk Analysis ◽

Cyber Security ◽

Security Risk ◽

Analysis Model ◽

Architecture Model

Download Full-text

Information Security Risk Analysis

Tools for Teaching Computer Networking and Hardware Concepts ◽

10.4018/978-1-59140-735-5.ch010 ◽

2011 ◽

pp. 179-200

Author(s):

Sanjay Goel ◽

Damira Pon

Keyword(s):

Information Systems ◽

Information Security ◽

Risk Analysis ◽

Teaching Hospital ◽

Information Science ◽

Business And Society ◽

Security Risk ◽

Security Breaches ◽

Operational Information ◽

Nature Of Information

There is a strong need for information security education, which stems from the pervasiveness of information technology in business and society. Both government departments and private industries depend on information systems, as information systems are widespread across all business functions. Disruption of critical operational information systems can have serious financial impacts. According to a CSI/FBI report (2004), losses from security breaches have risen rapidly in recent years and exceeded $200 million in 2003. The information security field is very diverse and combines disciplines such as computer science, business, information science, engineering, education, psychology, criminal justice, public administration, law, and accounting. The broad interdisciplinary nature of information security requires several specialists to collaboratively teach the curriculum and integrate different perspectives and teaching styles into a cohesivedelivery. This chapter presents a pedagogical model based on a “teaching hospital” concept that addresses the issues introduced above. By using a specific information-risk-analysis case, the chapter highlights the basic concept of the teaching hospital and its application in teaching and learning contexts.

Download Full-text

Towards Ontological Approach to Security Risk Analysis of Information System

International Journal of Secure Software Engineering ◽

10.4018/ijsse.2016070101 ◽

2016 ◽

Vol 7 (3) ◽

pp. 1-25

Author(s):

Oluwasefunmi ‘Tale Arogundade ◽

Olusola Adeniran ◽

Zhi Jin ◽

Yang Xiaoguang

Keyword(s):

Information System ◽

Risk Analysis ◽

Banking System ◽

Security Risk ◽

Analysis Model ◽

Agent Based ◽

Ontological Approach ◽

Operational Lifetime ◽

Analysis System ◽

Events Data

Resource allocation decisions can be enhanced by performing risk assessment during the early development phase. In order to improve and maintain the security of the Information System (IS, hereafter), there is need to build risk analysis model that can dynamically analyze threat data collected during the operational lifetime of the IS. In this paper the authors propose an ontological approach to accomplishing this goal. They present analyzer model and architecture, an agent-based risk analysis system (ARAS) which gathers identified threats events, probe them and correlates those using ontologies. It explores both quantitative and qualitative risk analysis techniques using real events data for probability predictions of threats based on an existing designed security ontology. To validate the feasibility of the approach a case study on e-banking system has been conducted. Simulated IDS output serves as input into the risk analysis system. The authors used JADE to implement the agents, protégé OWL to create the ontology and ORACLE 11g SQL developer for the database. Optimistic results were obtained.

Download Full-text