Digital Innovation Risk Management Model of Discrete Manufacturing Enterprise Based on Big Data Analysis

At present, most risk management work mainly relies on manpower, and manpower relies on the professional knowledge of relevant skilled workers to discover hidden safety risks in production activities. This article combines relevant big data theories and 4V characteristics to analyze and investigate safety production and big data, study data structure, data source and data type. Using 5W1H scientific big data and applications, this analysis method analyzes the theoretical basis, applications and beneficiaries of big data related to safety production, some of which are application links and important theoretical issues. Secondly, it studies the security risk management model based on big data, proposes a risk management model based on big data, the technical basis of big data and the idea of a three-dimensional model, and applies the systematic space method, which is reflected in three aspects of risk management. In the end, a risk identification model based on big data, a risk assessment classification model, and a risk early warning and pre-control model are defined.

Application of Bayesian network in risk assessment for website deployment scenarios

Abstract—The rapid development of web-based systems in the digital transformation era has led to a dramatic increase in the number and the severity of cyber-attacks. Current attack prevention solutions such as system monitoring, security testing and assessment are installed after the system has been deployed, thus requiring more cost and manpower. In that context, the need to assess cyber security risks before the deployment of web-based systems becomes increasingly urgent. This paper introduces a cyber security risk assessment mechanism for web-based systems before deployment. We use the Bayesian network to analyze and quantify the cyber security risks posed by threats to the deployment components of a website. First, the deployment components of potential website deployment scenarios are considered assets, so that their properties are mapped to specific vulnerabilities or threats. Next, the vulnerabilities or threats of each deployment component will be assessed according to the considered risk criteria in specific steps of a deployment process. The risk assessment results for deployment components are aggregated into the risk assessment results for their composed deployment scenario. Based on these results, administrators can compare and choose the least risky deployment scenario. Tóm tắt—Sự phát triển mạnh mẽ của các hệ thống trên nền tảng web trong công cuộc chuyển đổi số kéo theo sự gia tăng nhanh chóng về số lượng và mức độ nguy hiểm của các cuộc tấn công mạng. Các giải pháp phòng chống tấn công hiện nay như theo dõi hoạt động hệ thống, kiểm tra và đánh giá an toàn thông tin mạng được thực hiện khi hệ thống đã được triển khai, do đó đòi hỏi chi phí và nhân lực thực hiện lớn. Trong bối cảnh đó, nhu cầu đánh giá rủi ro an toàn thông tin mạng cho các hệ thống website trước khi triển khai thực tế trở nên cấp thiết. Bài báo này giới thiệu một cơ chế đánh giá rủi ro an toàn thông tin mạng cho các hệ thống website trước khi triển khai thực tế. Chúng tôi sử dụng mạng Bayes để phân tích và định lượng rủi ro về an toàn thông tin do các nguồn đe dọa khác nhau gây ra trên các thành phần triển khai của một website. Đầu tiên, các thành phần triển khai của các kịch bản triển khai website tiềm năng được mô hình hoá dưới dạng các tài sản, sao cho các thuộc tính của chúng đều được ánh xạ với các điểm yếu hoặc nguy cơ cụ thể. Tiếp đó, các điểm yếu, nguy cơ của từng thành phần triển khai sẽ được đánh giá theo các tiêu chí rủi ro đang xét tại mỗi thời điểm cụ thể trong quy trình triển khai. Kết quả đánh giá của các thành phần triển khai được tập hợp lại thành kết quả đánh giá hệ thống trong một kịch bản cụ thể. Căn cứ vào kết quả đánh giá rủi ro, người quản trị có thể so sánh các kịch bản triển khai tiềm năng với nhau để lựa chọn kịch bản triển khai ít rủi ro nhất.

Physical Layer Components Security Risks in Optical Fiber Infrastructures

Optical fiber communications are essential for all types of long- and short-distance transmissions. The aim of this paper is to analyze the previously presented security risks and, based on measurements, provide the risk level evaluation. The major risk is the possibility of inserting a splitter into the optical distribution network and capturing a portion of the entire spectrum, i.e., all channels in the optical fiber. Another significant security risk is crosstalk on multiplexers in networks with wavelength division multiplexing. The paper covers the macrobend attenuation evaluation of fiber and back-reflection measurements. Based on the measurements, risks were evaluated for both point-to-point and point-to-multipoint networks and, lastly, the paper covers crosstalk measurements of an optomechanical switch. Finally, all individual risks are evaluated according to the severity, and a proposal for risk minimization is provided.

The Precautionary Principles of the Potential Risks of Compound Events in Danish Municipalities

The risk of compound events describes potential weather and climate events in which the combination of multiple drivers and hazards consolidate, resulting in extreme socio-economic impacts. Compound events affecting exposed societies can therefore be deemed a crucial security risk. Designing appropriate preparation proves difficult, as compound events are rarely documented. This paper explores the understanding and practices of climate risk management related to compound events in specific Danish municipalities vulnerable to flood hazards (i.e., Odense, Hvidovre, and Vejle). These practices illuminate that different understandings of compound events steer risk attitudes and consequently decisions regarding the use of different policy instruments. Through expert interviews supported by policy documents, we found that the municipalities understand compound events as either a condition or situation and develop precautionary strategies to some extent. Depending on their respective geographical surroundings, they observe compound events either as no clear trend (Odense), a trend to be critically watched (Hvidovre), or already as a partial reality (Vejle). They perceive flood drivers and their combinations as major physical risks to which they adopt different tailor-made solutions. By choosing a bottom-up approach focusing on local governance structures, it demonstrated that the mismatch between responsibility and capacity and the ongoing separation of services related to climatic risks in the Danish municipality context need to be critically considered. The findings highlight that the complex challenge of compound events cannot be solved by one (scientific) discipline alone. Thus, the study advocates a broader inclusion of scientific practices and increased emphasis on local focus within compound event research to foster creative thinking, better preparation, and subsequently more effective management of their risks.

Why Bitcoin Will Fail to Scale?

Bitcoin falls dramatically short of the scale provided by banks for payments. Currently, its ledger grows by the addition of blocks of ∼2,000 transactions every 10 minutes. Intuitively, one would expect that increasing the block capacity would solve this scaling problem. However, we show that increasing the block capacity would be futile. We analyze strategic interactions of miners, who are heterogeneous in their power over block addition, and users, who are heterogeneous in the value of their transactions, using a game-theoretic model. We show that a capacity increase can facilitate large miners to tacitly collude—artificially reversing back the capacity via strategically adding partially filled blocks in order to extract economic rents. This strategic partial filling crowds out low-value payments. Collusion is sustained if the smallest colluding miner has a share of block addition power above a lower bound. We provide empirical evidence of such strategic partial filling of blocks by large miners of Bitcoin. We show that a protocol design intervention can breach the lower bound and eliminate collusion. However, this also makes the system less secure. On the one hand, collusion crowds out low-value payments; on the other hand, if collusion is suppressed, security threatens high-value payments. As a result, it is untenable to include a range of payments with vastly different outside options, willingness to bear security risk, and delay onto a single chain. Thus, we show economic limits to the scalability of Bitcoin. Under these economic limits, collusive rent extraction acts as an effective mechanism to invest in platform security and build responsiveness to demand shocks. These traits are otherwise hard to attain in a disintermediated setting owing to the high cost of consensus. This paper was accepted by Kartik Hosanagar, information systems.

Rank-based risk target data analysis using digital twin on oil pipeline network based on manifold learning

Oil and Gas Pipeline (OGP) projects face a wide scope of wellbeing and security Risk Factors (RFs) all around the world, especially in the oil and gas delivering nations having influencing climate and unsampled data. Lacking data about the reasons for pipeline risk predictor and unstructured data about the security of the OGP prevent endeavors of moderating such dangers. This paper, subsequently, means to foster a risk analyzing framework in view of a comprehensive methodology of recognizing, dissecting and positioning the related RFs, and assessing the conceivable pipeline characteristics. Hazard Mitigation Methods (HMMs), which are the initial steps of this approach. A new methodology has been created to direct disappointment investigation of pinhole erosion in pipelines utilizing the typical pipeline risk strategy and erosion climate reenactments during a full life pattern of the pipeline. Hence in the proposed work, manifold learning with rank based clustering algorithm is incorporated with the cloud server for improved data analysis. The probability risk rate is identified from the burst pressure by clustering the normal and leak category to improve the accuracy of the prediction system experimented on the lab-scale oil pipeline system. The numerical results like auto-correlation, periodogram, Laplace transformed P-P Plot are utilized to estimate the datasets restructured by the manifold learning approach. The obtained experimental results shows that the cloud server datasets are clustered with rank prioritization to make proactive decision in faster manner by distinguishing labelled and unlabeled pressure attributes.

IoT information theft prediction using ensemble feature selection

The recent years have seen a proliferation of Internet of Things (IoT) devices and an associated security risk from an increasing volume of malicious traffic worldwide. For this reason, datasets such as Bot-IoT were created to train machine learning classifiers to identify attack traffic in IoT networks. In this study, we build predictive models with Bot-IoT to detect attacks represented by dataset instances from the Information Theft category, as well as dataset instances from the data exfiltration and keylogging subcategories. Our contribution is centered on the evaluation of ensemble feature selection techniques (FSTs) on classification performance for these specific attack instances. A group or ensemble of FSTs will often perform better than the best individual technique. The classifiers that we use are a diverse set of four ensemble learners (Light GBM, CatBoost, XGBoost, and random forest (RF)) and four non-ensemble learners (logistic regression (LR), decision tree (DT), Naive Bayes (NB), and a multi-layer perceptron (MLP)). The metrics used for evaluating classification performance are area under the receiver operating characteristic curve (AUC) and Area Under the precision-recall curve (AUPRC). For the most part, we determined that our ensemble FSTs do not affect classification performance but are beneficial because feature reduction eases computational burden and provides insight through improved data visualization.

A SEEC Model Based on the DPSIR Framework Approach for Watershed Ecological Security Risk Assessment: A Case Study in Northwest China

The DPSIR model is a conceptual model established by the European Environment Agency to solve environmental problems. It provides an overall framework for analysis of environmental problems from five aspects: driving force (D), pressure (P), state (S), impact (I), and response (R). Through use of the DPSIR model framework, this paper presents the SEEC model approach for evaluating watershed ecological security. The SEEC model considers four aspects: socioeconomic impact (S), ecological health (E), ecosystem services function (E), and control management (C). Through screening, 38 evaluation indicators of the SEEC model were determined. The evaluation results showed that the ecological security index of the study area was >80, indicating a generally safe level. The lowest score was mainly attributable to the low rate of treatment of rural domestic sewage. The water quality status was used to evaluate the applicability of the SEEC model, and the calculation results indicated that the higher the score of the ecological security evaluation results, the better the water quality status. The findings show that the SEEC model demonstrates satisfactory applicability to evaluation of watershed ecological security.