[Background] Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks. [Aim] We investigate whether the availability of textual labels and terse UML-style...
Supervisory control and data acquisition (SCADA) systems are the key driver for critical infrastructures and industrial facilities. Cyber-attacks to SCADA networks may cause equipment damage or even fatalities. Identifying risks in SCADA networks is critical to ensuring the normal operation of these industrial systems. In this paper we propose a Bayesian network-based cyber-security risk assessment...
We evaluated the support proposed by the RSO to represent graphically our EAM-ISSRM (Enterprise Architecture Management - Information System Security Risk Management) integrated model. The evaluation of the RSO visual notation has been done at two different levels: completeness with regards to the EAM-ISSRM integrated model (Section III) and cognitive effectiveness, relying on the nine principles...
Nowadays the importance of the term DevOps (Developer Operations) has increased around the world, and Mexico is not the exception. This paper describes the implementation of information security and risk management best practices in a DevOps approach established in a Data Center of a large government organization of Mexico. The DevOps approach with security and risk management practices was named...
Security/Safety is managed, mostly, by means of integrated systems which have to consider, more and more, sensors, devices, cameras, mobile terminals, wearable devices, etc. that use wireless networks, to ensure protection of people and/or tangible/intangible assets from voluntary attacks, allowing also the safe management of the related consequent emergency situations that can derive from the above...
Electricity represents the engine of contemporary society, but as demand continues to increase, production systems and distribution of electricity are becoming increasingly complex, vulnerable to various risks, which may cause a chain reaction, affecting the final consumer, related systems or even energy security of states. The subject of this paper is risk assessment in the critical infrastructure...
The article presents a use case evaluation of the robustness of a physical protection system for the Vodňany water tank, designated as a national critical infrastructure element. The evaluation will be performed based on three probable attack scenarios; the aim of these would be poisoning the drinking water source and intoxication of the population of the nearby city or destruction of the water tank...
Framing Internet of Things (IoT) applications as a System of Systems (SoS) can help us make sense of complexity associated with interoperability and emergence. However, assessing the risk of SoSs is a challenge due to the independence of component systems, and their differing degrees of control and emergence. This paper presents three components for SoS risk assessment that integrate with existing...
Security Risk Assessments (SRA) play a key role in the Security Development Lifecycle (SDL). At an early stage of the project, the SRA helps allocate security resources and identifies SDL requirements and activities. In this paper, we present key findings from a machine learning approach toward the SRA that seeks to learn from a database of previous product security risk assessments and associated...
This article discusses the assessment of the impact of the modern risk-based standards for ensuring the safety and security of Complex Industrial Facilities (CIF) of various industries. The focus is on the implementation of the management systems based on PDCA cycle of safety process for CIF of fuel and energy complexes, including IT-Security. Furthermore, it is shown that the relevant applicability...
The article presents an overview of major problems of integrated management systems implementation, provides a discussion on various integration problems of target management systems, both in terms of integration among systems, as well as in terms of integration into overall organizational structure of the company. Problems recognition process provides means for proper practical ways to resolve them...
This article discusses aspects of the implementation and audit of the risk management system, implemented on the basis of modern standards for the enterprises of the oil and gas industry. Shows several practical examples of the implementation of the risk management process in the PDCA cycle proposed IMS model which contains all the basic entities to perform the audits (criteria, metrics, finding etc...
The security situation of China's futures industry is currently in good condition on the whole, with strong industrial competitiveness and control force, as well as low external dependency. However, under the new normal, there still exist some problems, such as fewer trading varieties of futures, irrational investor structure and the slow internationalization process and so on. So we must accelerate...
With advances and globalization of information technology such as big data and cloud computing, topics about potential risks with security vulnerabilities have been brought to the forefront. Considerable efforts have been made to estimate network security risk with an unlimited cycle of disclosed vulnerabilities in the form of threats or attacks and managements to migrate these risks. On the other...
Recent advances in Intrusion Risk Assessment (IRA) have brought promising solutions to enhance Intrusion Response Systems (IRS). However, current researches lack reasonable solutions to exploit system state information. Without the system state, the IRA results may suffer from the high false rate of Intrusion Detection Systems (IDS). To address this limitation, we propose a novel State-Aware Risk...
The safety of the persons in work environments is an open issue. The diffusion of smart solutions including Smart Work Environments has led to new and enhanced approaches which consider the dynamic nature of such environments. Smart solutions use context information and adapt themselves based on the current context and needs at run-time. However, as traditional approaches have been proven to be effective,...
People are suffering from a range of risks in the ubiquitous networks of current world, such as rumours spreading in social networks, computer viruses propagating throughout the Internet and unexpected failures happened in Smart grids. We usually monitor only a few users of detecting various risks due to the resource constraints and privacy protection. This leads to a critical problem to detect compromised...
Threat propagation analysis is a valuable tool in improving the cyber resilience of enterprise networks. As these networks are interconnected and threats can propagate not only within but also across networks, a holistic view of the entire network can reveal threat propagation trajectories unobservable from within a single enterprise. However, companies are reluctant to share internal vulnerability...
In order to develop efficient and effective framework for managing any conflict between security and privacy Non-Functional requirements and to reduce risk impact in software system, the goals set by the stakeholders need to be ascertained, and then the modeling language, tools, implementation and validation procedures need to be altered accordingly. Overall, this research is aimed for constructing...
Massively Open Online Courses (MOOCs) provide a unique opportunity to reach out to students who would not normally be reached by alleviating the need to be physically present in the classroom. However, teaching software security coursework outside of a classroom setting can be challenging. What are the challenges when converting security material from an on-campus course to the MOOC format? The goal...