Fuzzy Risk Assessment Method for Airborne Network Security Based on AHP-TOPSIS

With the exponential increase in information security risks,ensuring the safety of aircraft heavily relies on the accurate performance of risk assessment.However,experts possess a limited understanding of fundamental security elements,such as assets,threats,and vulnerabilities,due to the confidentiality of airborne networks,resulting in cognitive uncertainty.Therefore,the Pythagorean fuzzy Analytic Hierarchy Process(AHP)Technique for Order Preference by Similarity to an Ideal Solution(TOPSIS)is proposed to address the expert cognitive uncertainty during information security risk assessment for airborne networks.First,Pythagorean fuzzy AHP is employed to construct an index system and quantify the pairwise comparison matrix for determining the index weights,which is used to solve the expert cognitive uncertainty in the process of evaluating the index system weight of airborne networks.Second,Pythagorean fuzzy the TOPSIS to an Ideal Solution is utilized to assess the risk prioritization of airborne networks using the Pythagorean fuzzy weighted distance measure,which is used to address the cognitive uncertainty in the evaluation process of various indicators in airborne network threat scenarios.Finally,a comparative analysis was conducted.The proposed method demonstrated the highest Kendall coordination coefficient of 0.952.This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.

Conceivable Security Risks and Authentication Techniques for Smart Devices: A Comparative Evaluation of Security Practices

With the rapidly escalating use of smart devices and fraudulent transaction of users＇ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques.

Security Model for Cloud Computing: Case Report of Organizational Vulnerability

Cloud computing services have quickly become a mainstay in business, leading to success as a business model and numerous advantages from the client’s point of view. Ease and amount of storage and computational services provisions were not previously accessible or affordable. However, parallel to this explosion has been significant security risk concerns. Thus, it is important to understand and define these security risks in a cybersecurity framework. This paper will take a case study approach to approach past security risks and propose a model that can be followed by organizations to eliminate the risk of Cloud-related cyberattacks. The main aims of this systematic literature review (SLR) are to (1) address security risks/vulnerabilities that can target cloud environments, (2) define tools that can be used by organizations to defend their cloud environment against those security risks/vulnerabilities, and (3) analyze case studies of significant cyberattacks and provide recommendations for organizations to mitigate such cyberattacks. This paper will propose a novel cloud cybersecurity model from a two-pronged offensive and defensive perspective for implementation by organizations to enhance their security infrastructure.

Flaws in the Field of Digital Security in the Workplace: Case of Companies in Burkina Faso

Digital in the daily life of companies undeniably leads them to use services and applications of all kinds. Companies in their permanent quest for the exchange of information devote themselves to the use of the Internet which nowadays constitutes an open door for the birth of several types of faults, some of which are unknown to certain digital professionals in the field. Corporate. The purpose of this research is to show the probable existence of digital security flaws in the daily activities carried out by companies in Burkina Faso. In companies in Burkina Faso, we seem to see a way of working that does not respect the standards and safety standards prescribed by ISO 27001. We seem to see a way of working based on the result of the gain and not on the securities measures and integrity of critical data, data confidentiality, management and prevention of possible security risks related to their activities. We seem to be witnessing in companies the immanent presence of faults which could be the work of the users of the system, of the infrastructure used which is outdated or badly configured, of software anomalies linked to programming errors, and to poor implementation of the security policy within the companies. This research is important because it exposes the handicaps that companies have in terms of digital security. The expected result is to bring out existing flaws that are not taken seriously by IT staff and propose possible solutions to overcome these security risks.

Optimization of Secure Coding Practices in SDLC as Part of Cybersecurity Framework

Cybersecurity is a global goal that is central to national security planning in many countries.One of the most active research fields is design of practices for the development of so-called highly secure software as a kind of protection and reduction of the risks from cyber threats.The use of a secure software product in a real environment enables the reduction of the vulnerability of the system as a whole.It would be logical to find the most optimal solution for the integration of secure coding in the classic SDLC(software development life cycle).This paper aims to suggest practices and tips that should be followed for secure coding,in order to avoid cost and time overruns because of untimely identification of security issues.It presents the implementation of secure coding practices in software development,and showcases several real-world scenarios from different phases of the SDLC,as well as mitigation strategies.The paper covers techniques for SQL injection mitigation,authentication management for staging environments,and access control verification using JSON Web Tokens.

Comprehensive security risk factor identification for small reservoirs with heterogeneous data based on grey relational analysis model

Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems.The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete.The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences.To this end,this paper introduces a new grey relational model to analyze heterogeneous data.In this study,a set of security risk factors for small reservoirs was first constructed based on theoretical analysis,and heterogeneous data of these factors were recorded as sequences.The sequences were regarded as random variables,and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors.Then,a new grey relational analysis model for heterogeneous data was constructed,and a comprehensive security risk factor identification method was developed.A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.

Security Risk Assessment of Cyber Physical Power System Based on Rough Set and Gene Expression Programming

Risk assessment is essential for the safe and reliable operation of cyber physical power system. Traditional security risk assessment methods do not take integration of cyber system and physical system of power grid into account. In order to solve this problem, security risk assessment algorithm of cyber physical power system based on rough set and gene expression programming is proposed. Firstly, fast attribution reduction based on binary search algorithm is presented. Secondly, security risk assessment function for cyber physical power system is mined based on gene expression programming. Lastly, security risk levels of cyber physical power system are predicted and analyzed by the above function model. Experimental results show that security risk assessment function model based on the proposed algorithm has high efficiency of function mining, accuracy of security risk level prediction and strong practicality.

Hesitant Fuzzy-Sets Based Decision-Making Model for Security Risk Assessment

Security is an important component in the process of developing healthcare web applications.We need to ensure security maintenance;therefore the analysis of healthcare web application’s security risk is of utmost importance.Properties must be considered to minimise the security risk.Additionally,security risk management activities are revised,prepared,implemented,tracked,and regularly set up efficiently to design the security of healthcare web applications.Managing the security risk of a healthcare web application must be considered as the key component.Security is,in specific,seen as an add-on during the development process of healthcare web applications,but not as the key problem.Researchers must ensure that security is taken into account right from the earlier developmental stages of the healthcare web application.In this row,the authors of this study have used the hesitant fuzzy-based AHP-TOPSIS technique to estimate the risks of various healthcare web applications for improving security-durability.This approach would help to design and incorporate security features in healthcare web applications that would be able to battle threats on their own,and not depend solely on the external security of healthcare web applications.Furthermore,in terms of healthcare web application’s security-durability,the security risk variable is measured,and vice versa.Hence,the findings of our study will also be useful in improving the durability of several web applications in healthcare.

Resource Allocation for Network Security Risk Assessment：A Non-Cooperative Differential Game Based Approach

In this paper, we propose a non-cooperative differential game theory based resource allocation approach for the network security risk assessment. For the risk assessment, the resource will be used for risk assess, including response cost and response negative cost. The whole assessment process is considered as a differential game for optimal resource control. The proposed scheme can be obtained through the Nash Equilibrium. It is proved that the game theory based algorithm is applicable and the optimal resource level can be achieved based on the proposed algorithm.

Security Risk Prevention and Control Deployment for 5G Private Industrial Networks

In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks,a comparative analysis is used to plan and design a private network security construction scheme.The network security construction model,network organization,and key processes of 5G private industrial networks at the current stage are investigated.In addition,the key direction for the next stage of construction is discussed.

Risk assessment of water security in Haihe River Basin during drought periods based on D-S evidence theory

The weights of the drought risk index （DRI）, which linearly combines the reliability, resiliency, and vulnerability, are difficult to obtain due to complexities in water security during drought periods. Therefore, drought entropy was used to determine the weights of the three critical indices. Conventional simulation results regarding the risk load of water security during drought periods were often regarded as precise. However, neither the simulation process nor the DRI gives any consideration to uncertainties in drought events. Therefore, the Dempster-Shafer （D-S） evidence theory and the evidential reasoning algorithm were introduced, and the DRI values were calculated with consideration of uncertainties of the three indices. The drought entropy and evidential reasoning algorithm were used in a case study of the Haihe River Basin to assess water security risks during drought periods. The results of the new DRI values in two scenarios were compared and analyzed. It is shown that the values of the DRI in the D-S evidence algorithm increase slightly from the original results of Zhang et al. （2005）, and the results of risk assessment of water security during drought periods are reasonable according to the situation in the study area. This study can serve as a reference for further practical application and planning in the Haihe River Basin, and other relevant or similar studies.

Estimating Security Risk of Healthcare Web Applications: A Design Perspective

In the recent years,the booming web-based applications have attracted the hackers’community.The security risk of the web-based hospital management system(WBHMS)has been increasing rapidly.In the given context,the main goal of all security professionals and website developers is to maintain security divisions and improve on the user’s confidence and satisfaction.At this point,the different WBHMS tackle different types of security risks.In WBHMS,the security of the patients’medical information is of utmost importance.All in all,there is an inherent security risk of data and assets in the field of the medical industry as a whole.The objective of this study is to estimate the security risk assessment of WBHMS.The risks assessment pertains to securing the integrity of the information in alignment with the Health Insurance Portability and Accountability Act.This includes protecting the relevant financial records,as well as the identification,evaluation,and prevention of a data breach.In the past few years,according to the US-based cyber-security firm Fire-eye,6.8 million data thefts have been recorded in the healthcare sector in India.The breach barometer report mentions that in the year 2019,the data breaches found were up to 48.6%as compared to the year 2018.Therefore,it is very important to assess the security risk in WBHMS.In this research,we have followed the hybrid technique fuzzy analytic hierarchy process-technique for order of preference by similarity to ideal solution(F-AHPTOPSIS)approach to assess the security risk in WBHMS.The place of this empirical database is at the local hospital of Varanasi,U.P.,India.Given the affectability of WBHMS for its board framework,this work has used diverse types of web applications.The outcomes obtained and the procedure used in this assessment would support future researchers and specialists in organizing web applications through advanced support of safety and security.

Impact of Human Vulnerabilities on Cybersecurity

Today,security is a major challenge linked with computer network companies that cannot defend against cyber-attacks.Numerous vulnerable factors increase security risks and cyber-attacks,including viruses,the internet,communications,and hackers.Internets of Things(IoT)devices are more effective,and the number of devices connected to the internet is constantly increasing,and governments and businesses are also using these technologies to perform business activities effectively.However,the increasing uses of technologies also increase risks,such as password attacks,social engineering,and phishing attacks.Humans play a major role in the field of cybersecurity.It is observed that more than 39%of security risks are related to the human factor,and 95%of successful cyber-attacks are caused by human error,with most of them being insider threats.The major human factor issue in cybersecurity is a lack of user awareness of cyber threats.This study focuses on the human factor by surveying the vulnerabilities and reducing the risk by focusing on human nature and reacting to different situations.This study highlighted that most of the participants are not experienced with cybersecurity threats and how to protect their personal information.Moreover,the lack of awareness of the top three vulnerabilities related to the human factor in cybersecurity,such as phishing attacks,passwords,attacks,and social engineering,are major problems that need to be addressed and reduced through proper awareness and training.

Construction of Public Security Risk Governance System under the View of Risk Society Theory

With the development of economy,China has to fight against the increasing public security risk. The theory of risk society points out that the traditional system of hierarchical management should be transformed into the governance system led by government and participated in by multiple parties to avoid and reduce risk in modern society. In order to achieve modernization of the national governance system and capacity,we have to deal with these two important subjects,that is,what can we learn from the Western risk society theory and how to establish a scientific and efficient public security risk management system based on the characteristics of modern public security risk.

Security Risk Analysis Model for Identification and Resolution System of Industrial Internet

Identification and resolution system of the industrial Internet is the“neural hub”of the industrial Internet for coordination.Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked.Moreover,it may become a threat to national security.Therefore,security plays an important role in identification and resolution system of the industrial Internet.In this paper,an innovative security risk analysis model is proposed for the first time,which can help control risks from the root at the initial stage of industrial Internet construction,provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet,and promote the healthy and sustainable development of the industrial identification and resolution system.

Identification of Key Links in Electric Power Operation Based-Spatiotemporal Mixing Convolution Neural Network

As the scale of the power system continues to expand,the environment for power operations becomes more and more complex.Existing risk management and control methods for power operations can only set the same risk detection standard and conduct the risk detection for any scenario indiscriminately.Therefore,more reliable and accurate security control methods are urgently needed.In order to improve the accuracy and reliability of the operation risk management and control method,this paper proposes a method for identifying the key links in the whole process of electric power operation based on the spatiotemporal hybrid convolutional neural network.To provide early warning and control of targeted risks,first,the video stream is framed adaptively according to the pixel changes in the video stream.Then,the optimized MobileNet is used to extract the feature map of the video stream,which contains both time-series and static spatial scene information.The feature maps are combined and non-linearly mapped to realize the identification of dynamic operating scenes.Finally,training samples and test samples are produced by using the whole process image of a power company in Xinjiang as a case study,and the proposed algorithm is compared with the unimproved MobileNet.The experimental results demonstrated that the method proposed in this paper can accurately identify the type and start and end time of each operation link in the whole process of electric power operation,and has good real-time performance.The average accuracy of the algorithm can reach 87.8%,and the frame rate is 61 frames/s,which is of great significance for improving the reliability and accuracy of security control methods.

Risk assessment of agricultural green water security in Northeast China under climate change

Northeast China is an important base for grain production,dominated by rain-fed agriculture that relies on green water.However,in the context of global climate change,rising regional temperatures,changing precipitation patterns,and increasing drought frequency pose threats and challenges to agricultural green water security.This study provides a detailed assessment of the spatiotemporal characteristics and development trends of green water security risks in the Northeast region under the base period(2001-2020)and the future(2031-2090)climate change scenarios(SSP245 and SSP585)using the green water scarcity(GWS)index based on raster-scale crop spatial distribution data,Delta downscaling bias-corrected ERA5 data,and CMIP6 multimodal data.During the base period,the green water risk-free zone for dry crops is mainly distributed in the center and east of the Northeast region(72.4% of the total area),the low-risk zone is primarily located in the center(14.0%),and the medium-risk(8.3%)and high-risk(5.3%)zones are mostly in the west.Under SSP245 and SSP585 future climate change scenarios,the green water security risk shows an overall expansion from the west to the center and east,with the low-risk zone increasing to 21.6% and 23.8%,the medium-risk zone increasing to 16.0% and 17.9%,and the high-risk zone increasing to 6.9% and 6.8%,respectively.Considering dry crops with GWS greater than 0.1 as in need of irrigation,the irrigated area increases from 27.6%(base period)to 44.5%(SSP245)and 48.6%(SSP585),with corresponding increases in irrigation water requirement(IWR)of 4.64 and 5.92 billion m~3,respectively,which further exacerbates conflicts between supply and demand of agricultural water resources.In response to agricultural green water security risks,coping strategies such as evapotranspiration(ET)-based water resource management for dry crops and deficit irrigation are proposed.The results of this study can provide scientific basis and decision support for the development of Northeast irrigated agriculture and the construction planning of the national water network.

Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals

The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and evolution of companies.However,several factors have led to an increasing need for more accurate risk analysis approaches.These are:the speed at which technologies evolve,their global impact and the growing requirement for companies to collaborate.Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms.The objective of this paper is,therefore,to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process.This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs.The paper also presents a summary of MARISMA,the risk analysis and management framework designed by our research group.The basis of our framework is the main existing risk standards and proposals,and it seeks to address the weaknesses found in these proposals.MARISMA is in a process of continuous improvement,as is being applied by customers in several European and American countries.It consists of a risk data management module,a methodology for its systematic application and a tool that automates the process.

How Does the Internet Impact the Public's Perception of Information Security Risk?

Clarifying the relationship between internet use and public information security risk perception helps us gain a better understanding of the factors influencing public risk perception.However,the relationship is still under-explored.This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey.It was found that whether to use the internet and the frequency of use are both significantly positively correlated with the perception of information security risk.On this basis,the mechanism by which internet use affects public information security risk perceptions is verified from the perspective of interpersonal trust.The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk.The findings of this study provide new insights for our further understanding of how internet use affects residents'perceptions of securityrisk.