With the rapid expansion of e-commerce, its security and risk management problems become increasingly prominent. In the current business environment, the ability to understand and apply e-commerce security and risk management has become an important criterion for evaluating a professional. Therefore, the importance of e-commerce security and risk management courses in college education is self-evident. This course can not only help students master the basic knowledge of e-commerce, but also enable them to understand how to deal with various risks in practical work and ensure the safe operation of e-commerce. At the same time, through the study of e-commerce security and risk management, students can better understand the operating modes and principles of e-commerce, and lay a solid foundation for their future careers. In general, e-commerce security and risk management occupy an important position in the curriculum of colleges and universities, and play a crucial role in cultivating e-commerce professionals with practical operating ability and innovative thinking.
To guarantee a unified response to disasters, humanitarian organizations work together via the United Nations Office for the Coordination of Humanitarian Affairs (OCHA). Although OCHA has made great strides to improve its information management and increase the availability of accurate, real-time data for disaster and humanitarian response teams, significant gaps persist. There are inefficiencies in the emergency management of data at every stage of its lifecycle: collection, processing, analysis, distribution, storage, and retrieval. Disaster risk reduction and disaster risk management are the two main tenets of the United Nations' worldwide plan for disaster management. Information systems are crucial because of the central roles they play in capturing, processing, and transmitting data, yet the management of information is seldom discussed in published works. The goal of this study is to employ qualitative research methods to provide insight by facilitating an expanded comprehension of relevant contexts, phenomena, and individual experiences. Humanitarian workers and OCHA staffers will take part in the research. The study subjects will be chosen using a random selection procedure. Online surveys with both closed- and open-ended questions will be used to compile the data. UN OCHA offers a structure for the handling of information through which all humanitarian actors may contribute to the overall response. This research will enable UN OCHA to better gather, process, analyze, disseminate, store, and retrieve data in the event of a catastrophe or humanitarian crisis.
This research discusses the role of information security development (ISD) using organizational factors such as information security plans, information security awareness, perceived quality of training programs, information security policies and procedures, and organizational culture in effective information security management (ISM) implementation in banks (a Nigerian case). This paper explores the existing literature and a proposed framework that consists of ISD factors such as information security plans, information security awareness, perceived quality of training programs, information security policies and procedures, and organizational culture in ISM implementation. ISD factors are found to be statistically significant, because they motivate an organization to implement effective ISM in banks. Hence, it could be said that ISD practices will be of great value in the effective implementation of ISM among banks in Nigeria.
In this paper, online security warning and risk assessment of the power grid are proposed, based on data from the EMS (Energy Management System), combined with information on real-time operating state, component status and external operating environment. The method combines the two factors that determine system reliability, contingency likelihood and severity, into risk indices for different loads and operating modes, which provide a precise evaluation of the power grid's security performance. From these indices, the vulnerable areas of the system can be identified, it can be determined whether the normal operating mode or the repair mode exceeds its limits, and decision-making support can be provided to dispatchers. Common-cause outages and equipment aging are considered in the establishment of the outage model. Multiple risk indices are defined in order to reflect the risk level of the power grid more comprehensively.
With the exponential increase in information security risks, ensuring the safety of aircraft relies heavily on accurate risk assessment. However, experts possess a limited understanding of fundamental security elements, such as assets, threats, and vulnerabilities, due to the confidentiality of airborne networks, resulting in cognitive uncertainty. Therefore, the Pythagorean fuzzy Analytic Hierarchy Process (AHP) Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) is proposed to address expert cognitive uncertainty during information security risk assessment for airborne networks. First, Pythagorean fuzzy AHP is employed to construct an index system and quantify the pairwise comparison matrix for determining the index weights, which addresses the expert cognitive uncertainty in evaluating the index system weights of airborne networks. Second, Pythagorean fuzzy TOPSIS is utilized to assess the risk prioritization of airborne networks using the Pythagorean fuzzy weighted distance measure, which addresses the cognitive uncertainty in evaluating the various indicators in airborne network threat scenarios. Finally, a comparative analysis was conducted. The proposed method demonstrated the highest Kendall coordination coefficient of 0.952. This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration of the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions, since it is becoming more widely accepted that society has a duty to protect its weaker members, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, many of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity, which include defending people, social norms, and vital infrastructure from threats that arise online, in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
In today's digitally driven landscape, robust Information Technology (IT) risk assessment practices are essential for safeguarding systems, digital communication, and data. This paper introduces "AssessITS," an actionable method designed to provide organizations with comprehensive guidelines for conducting IT and cybersecurity risk assessments. Drawing extensively from NIST 800-30 Rev 1, COBIT 5, and ISO 31000, "AssessITS" bridges the gap between high-level theoretical standards and practical implementation challenges. The paper outlines a step-by-step methodology that organizations can readily adopt to systematically identify, analyze, and mitigate IT risks. By simplifying complex principles into actionable procedures, this framework equips practitioners with the tools needed to perform risk assessments independently, without excessive reliance on external vendors. The guidelines are developed to be straightforward, integrating practical evaluation metrics that allow for the precise quantification of asset values, threat levels, vulnerabilities, and impacts on confidentiality, integrity, and availability. This approach ensures that the risk assessment process is not only comprehensive but also accessible, enabling decision-makers to implement effective risk mitigation strategies customized to their unique operational contexts. "AssessITS" aims to enable organizations to enhance their IT security posture through practical, actionable guidance based on internationally recognized standards.
Healthcare security and privacy breaches are occurring in the United States (US), and they increased substantially during the pandemic. This paper reviews the National Institute of Standards and Technology (NIST) publication base as an effective solution. NIST Special Publication 800-66 Revision 1 was an essential standard in US healthcare; it was withdrawn in February 2024 and superseded by SP 800-66 Revision 2. This review investigates the academic papers concerning the application of the NIST SP 800-66 Revision 1 standard in the US healthcare literature. A systematic review method was used in this study to determine current knowledge gaps regarding SP 800-66 Revision 1. Some restrictions were applied to the search to enforce validity. A total of eleven articles were found eligible for the study. Consequently, this study suggests the necessity for additional academic papers pertaining to SP 800-66 Revision 2 in the US healthcare literature. In turn, this will enhance awareness of safeguarding electronic protected health information (ePHI), help to mitigate potential future risks, and eventually reduce breaches.
With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework for risk calculation and assessment was proposed, which is based on the FAM.
In recent years, the booming web-based applications have attracted the hackers' community. The security risk of the web-based hospital management system (WBHMS) has been increasing rapidly. In this context, the main goal of all security professionals and website developers is to maintain security boundaries and improve users' confidence and satisfaction. Different WBHMS tackle different types of security risks. In a WBHMS, the security of patients' medical information is of utmost importance. All in all, there is an inherent security risk to data and assets in the medical industry as a whole. The objective of this study is to perform a security risk assessment of WBHMS. The risk assessment pertains to securing the integrity of the information in alignment with the Health Insurance Portability and Accountability Act. This includes protecting the relevant financial records, as well as the identification, evaluation, and prevention of a data breach. In the past few years, according to the US-based cyber-security firm FireEye, 6.8 million data thefts have been recorded in the healthcare sector in India. The Breach Barometer report mentions that in the year 2019, the data breaches found were up by 48.6% as compared to the year 2018. Therefore, it is very important to assess the security risk in WBHMS. In this research, we have followed the hybrid fuzzy analytic hierarchy process-technique for order of preference by similarity to ideal solution (F-AHP-TOPSIS) approach to assess the security risk in WBHMS. The empirical database was collected at a local hospital in Varanasi, U.P., India. Given the sensitivity of WBHMS for its management framework, this work has used diverse types of web applications. The outcomes obtained and the procedure used in this assessment would support future researchers and specialists in organizing web applications through advanced support for safety and security.
The problem of perfectly secure communication has enjoyed considerable theoretical treatment over the last decades. Results in this area include the identification of multipath transmission as a necessary ingredient, as well as quantum key distribution (QKD), which can perfectly protect direct lines. Combining the advantages of the quantum and multipath transmission paradigms, as well as rigorously analyzing the security of such combined techniques, is possible by virtue of game theory. Based on a game-theoretic measure of channel vulnerability, the authors prove the problem of setting up infrastructures for QKD-based multipath transmission to be NP-complete. The authors consider the problem in two flavors, both being computationally hard. Remarkably, the authors' results indicate that the P-vs-NP question is only of minor effect for confidentiality, because either today's public-key cryptosystems remain secure (in case P ≠ NP) or infrastructures facilitating perfectly confidential communication can be constructed efficiently (in case P = NP).
The investment strategy choice of a state-owned commercial bank is related to information about changes in its franchise value. This paper analyzes the franchise value change information of state-owned commercial banks. This information shows that the franchise value of state-owned commercial banks is declining. Along with the decline of the franchise value, a state-owned commercial bank strengthens its high-risk investment motive when it chooses its investment strategy. A state-owned commercial bank tends to run the high risk of investing in securities because its investment variety is very sparse. Based on the theoretical principles of how to control securities investment risk, this paper proposes some countermeasures and suggestions by which a state-owned commercial bank can strengthen the control of its securities investment risk in order to perfect its investment strategy.
Clarifying the relationship between internet use and public perception of information security risk helps us gain a better understanding of the factors influencing public risk perception. However, the relationship is still under-explored. This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey. It was found that whether the internet is used and the frequency of use are both significantly positively correlated with the perception of information security risk. On this basis, the mechanism by which internet use affects public information security risk perception is verified from the perspective of interpersonal trust. The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk. The findings of this study provide new insights for our further understanding of how internet use affects residents' perceptions of security risk.
The sources of supply chain enterprise risk are analyzed from different aspects, including material flow, information flow, cash flow and partner relationships. Measures for risk reduction are also summarized from the aspects of risk sharing, information sharing, changes in inventory control mode, and supply chain flexibility. Finally, problems in current research on supply chain risk management are pointed out and a discussion of future research trends is presented.
The concept of value of information (VOI) has been widely used in the oil industry when making decisions on the acquisition of new data sets for the development and operation of oil fields. The classical approach to VOI assumes that the outcome of the data acquisition process produces crisp values, which are uniquely mapped onto one of the deterministic reservoir models representing the subsurface variability. However, subsurface reservoir data are not always crisp; they can also be fuzzy and may correspond to various reservoir models to different degrees. The classical approach to VOI may not, therefore, lead to the best decision with regard to the need to acquire new data. Fuzzy logic, introduced in the 1960s as an alternative to classical logic, is able to manage the uncertainty associated with the fuzziness of the data. In this paper, both classical and fuzzy theoretical formulations for VOI are developed and contrasted using inherently vague data. A case study, which is consistent with the future development of an oil reservoir, is used to compare the application of both approaches to the estimation of VOI. The results of the VOI process show that when the fuzzy nature of the data is included in the assessment, the value of the data decreases. In this case study, the results of the assessment using crisp data and fuzzy data change the decision from "acquire" the additional data (in the former) to "do not acquire" the additional data (in the latter). In general, different decisions are reached, depending on whether the fuzzy nature of the data is considered during the evaluation. The implications of these results are significant in a domain such as the oil and gas industry (where investments are huge). This work strongly suggests the need to define the data as crisp or fuzzy for use in VOI, prior to implementing the assessment, in order to select and define the right approach.
As the scale of the power system continues to expand, the environment for power operations becomes more and more complex. Existing risk management and control methods for power operations can only set the same risk detection standard and conduct risk detection for any scenario indiscriminately. Therefore, more reliable and accurate security control methods are urgently needed. In order to improve the accuracy and reliability of the operation risk management and control method, this paper proposes a method for identifying the key links in the whole process of electric power operation based on a spatiotemporal hybrid convolutional neural network. To provide early warning and control of targeted risks, first, the video stream is framed adaptively according to the pixel changes in the video stream. Then, an optimized MobileNet is used to extract the feature map of the video stream, which contains both time-series and static spatial scene information. The feature maps are combined and non-linearly mapped to realize the identification of dynamic operating scenes. Finally, training samples and test samples are produced using the whole-process images of a power company in Xinjiang as a case study, and the proposed algorithm is compared with the unimproved MobileNet. The experimental results demonstrate that the method proposed in this paper can accurately identify the type and the start and end time of each operation link in the whole process of electric power operation, and has good real-time performance. The average accuracy of the algorithm can reach 87.8%, and the frame rate is 61 frames/s, which is of great significance for improving the reliability and accuracy of security control methods.
The information society depends increasingly on risk assessment and management systems as a means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community, with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as it is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for everyone. Despite all this, the knowledge of cybercriminals has advanced and resulted in different attack methodologies against the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. These kinds of attacks remain among the most effective methods used by malicious actors to cause substantial operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability: the victim's network is flooded with massive illegitimate traffic, denying genuine traffic from authorized users passage. The paper will explore detection mechanisms and mitigation techniques for this network threat.
Cross-border data transmission in the biomedical area is on the rise, which brings potential risks and management challenges to data security, biosafety, and national security. Focusing on cross-border data security assessment and risk management, many countries have successively issued relevant laws, regulations, and assessment guidelines. This study aims to provide an index system model and a management application reference for the risk assessment of cross-border data movement. From the perspective of a single organization, the relevant risk assessment standards of several countries are integrated to guide the identification and determination of risk factors. Then, the risk assessment index system of cross-border data flow is constructed. A case study of risk assessment in 358 biomedical organizations is carried out, and suggestions for data management are offered. This study is conducive to improving security monitoring and early warning of cross-border data flow, thereby realizing the safe and orderly global flow of biomedical data.
Funding: supported by the Fundamental Research Funds for the Central Universities of CAUC (3122022076) and the National Natural Science Foundation of China (NSFC) (U2133203).
Abstract: With the exponential increase in information security risks, ensuring the safety of aircraft relies heavily on accurate risk assessment. However, because of the confidentiality of airborne networks, experts possess only a limited understanding of fundamental security elements such as assets, threats, and vulnerabilities, resulting in cognitive uncertainty. Therefore, the Pythagorean fuzzy Analytic Hierarchy Process (AHP) combined with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) is proposed to address expert cognitive uncertainty during information security risk assessment for airborne networks. First, Pythagorean fuzzy AHP is employed to construct an index system and to quantify the pairwise comparison matrix from which the index weights are determined, which addresses the expert cognitive uncertainty in weighting the index system of airborne networks. Second, Pythagorean fuzzy TOPSIS is used to rank the risk of airborne networks using the Pythagorean fuzzy weighted distance measure, which addresses the cognitive uncertainty in evaluating the various indicators in airborne network threat scenarios. Finally, a comparative analysis was conducted. The proposed method achieved the highest Kendall coordination coefficient, 0.952. This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.
Abstract: This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored; it goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration of the human element and how people fit into the security process. Cyber security, on the other hand, adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect raises moral questions, since it is becoming more widely accepted that society has a duty to protect its weaker members, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, many of these sources neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity, which include defending people, social norms, and vital infrastructure from threats that arise online, in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security represents a paradigm shift in this regard [1].
Abstract: In today's digitally driven landscape, robust Information Technology (IT) risk assessment practices are essential for safeguarding systems, digital communication, and data. This paper introduces "AssessITS", an actionable method designed to provide organizations with comprehensive guidelines for conducting IT and cybersecurity risk assessments. Drawing extensively from NIST SP 800-30 Rev. 1, COBIT 5, and ISO 31000, "AssessITS" bridges the gap between high-level theoretical standards and practical implementation challenges. The paper outlines a step-by-step methodology that organizations can readily adopt to systematically identify, analyze, and mitigate IT risks. By simplifying complex principles into actionable procedures, this framework equips practitioners with the tools needed to perform risk assessments independently, without heavy reliance on external vendors. The guidelines are developed to be straightforward, integrating practical evaluation metrics that allow the quantification of asset values, threat levels, vulnerabilities, and impacts on confidentiality, integrity, and availability. This approach ensures that the risk assessment process is not only comprehensive but also accessible, enabling decision-makers to implement effective risk mitigation strategies customized to their operational contexts. "AssessITS" aims to enable organizations to strengthen their IT security posture through practical, actionable guidance based on internationally recognized standards.
Abstract: Healthcare security and privacy breaches are occurring in the United States (US), and they increased substantially during the pandemic. This paper reviews the National Institute of Standards and Technology (NIST) publication base as an effective solution. NIST Special Publication 800-66 Revision 1 was an essential standard in US healthcare; it was withdrawn in February 2024 and superseded by SP 800-66 Revision 2. This review investigates the academic papers concerning the application of the NIST SP 800-66 Revision 1 standard in the US healthcare literature. A systematic review method was used to determine current knowledge gaps regarding SP 800-66 Revision 1. Restrictions were applied in the search to enforce validity. A total of eleven articles were found eligible for the study. Consequently, this study points to the need for additional academic papers on SP 800-66 Revision 2 in the US healthcare literature. In turn, this will enhance awareness of safeguarding electronic protected health information (ePHI), help to mitigate potential future risks, and eventually reduce breaches.
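The abstract above describes quantifying asset values, threat levels, vulnerabilities and CIA impacts and combining them into a risk figure. The block below is an added example and is not the AssessITS procedure or code from the paper: it builds a small risk register in the style of NIST SP 800-30 Rev. 1, where risk is likelihood times impact on a 1 to 5 scale. The scales, the rule for combining initiation likelihood with vulnerability severity, the level thresholds and the sample assets and threats are all assumptions made for illustration.

```python
"""Added example (not the AssessITS procedure itself): a minimal risk register in the
style of NIST SP 800-30 Rev. 1, where risk = likelihood x impact on a 1..5 scale.
The scales, combination rule, thresholds and sample assets/threats are assumptions."""
from dataclasses import dataclass

SCALE = {"very low": 1, "low": 2, "moderate": 3, "high": 4, "very high": 5}


@dataclass(frozen=True)
class Asset:
    name: str
    confidentiality: int   # value of each CIA property for this asset, 1..5
    integrity: int
    availability: int


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int        # likelihood that the threat event is initiated, 1..5
    vulnerability: int     # severity of the weakness it exploits, 1..5
    affects: tuple         # CIA properties an occurrence would degrade


def impact(asset: Asset, threat: Threat) -> int:
    """Impact is driven by the most valuable property the threat can degrade."""
    return max(getattr(asset, prop) for prop in threat.affects)


def overall_likelihood(threat: Threat) -> float:
    """Assumption: initiation likelihood scaled by vulnerability severity, kept on 1..5."""
    return threat.likelihood * threat.vulnerability / SCALE["very high"]


def risk_score(asset: Asset, threat: Threat) -> float:
    """Risk = overall likelihood x impact, so the range is 0.2 .. 25."""
    return round(overall_likelihood(threat) * impact(asset, threat), 2)


def risk_level(score: float) -> str:
    """Qualitative bands over the 0.2..25 range (assumed thresholds)."""
    for label, floor in (("very high", 20), ("high", 12), ("moderate", 6), ("low", 3)):
        if score >= floor:
            return label
    return "very low"


def risk_register(pairs):
    """pairs: iterable of (asset, threat). Returns rows sorted by descending risk."""
    rows = []
    for asset, threat in pairs:
        score = risk_score(asset, threat)
        rows.append((asset.name, threat.name, score, risk_level(score)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


# constructed sample input (hypothetical assets and threats)
PATIENT_DB = Asset("patient-db", confidentiality=5, integrity=5, availability=4)
WEBSITE = Asset("public-website", confidentiality=1, integrity=3, availability=3)
RANSOMWARE = Threat("ransomware on unpatched host", 4, 4, ("integrity", "availability"))
SQLI = Threat("SQL injection in search form", 3, 5, ("confidentiality", "integrity"))
DDOS = Threat("volumetric DDoS", 5, 3, ("availability",))
PAIRS = [(PATIENT_DB, RANSOMWARE), (PATIENT_DB, SQLI), (WEBSITE, DDOS)]

if __name__ == "__main__":
    for row in risk_register(PAIRS):
        print(row)
```

The register orders treatment: the two patient-database threats land in the "high" band and are worked first, while the website DDoS stays "moderate" because the asset's availability value is lower. Swapping in an organization's own scales only requires changing `SCALE`, the thresholds in `risk_level` and the combination rule in `overall_likelihood`.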
文摘With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.
Funding: funded by Grant No. 12-INF2970-10 from the National Science, Technology and Innovation Plan (MAARIFAH), King Abdul-Aziz City for Science and Technology (KACST), Saudi Arabia.
Abstract: In recent years, booming web-based applications have attracted the attention of the hacker community, and the security risk of the web-based hospital management system (WBHMS) has been increasing rapidly. In this context, the main goal of security professionals and website developers is to maintain security and improve users' confidence and satisfaction. Different WBHMSs face different types of security risks; in a WBHMS, the security of patients' medical information is of utmost importance, and there is an inherent security risk to data and assets in the medical industry as a whole. The objective of this study is to perform a security risk assessment of a WBHMS. The assessment concerns securing the integrity of the information in alignment with the Health Insurance Portability and Accountability Act, including protecting the relevant financial records as well as the identification, evaluation, and prevention of a data breach. According to the US-based cyber-security firm FireEye, 6.8 million data thefts have been recorded in the healthcare sector in India in the past few years, and the Breach Barometer report states that data breaches in 2019 were up 48.6% compared with 2018. It is therefore very important to assess the security risk in a WBHMS. In this research, we have followed the hybrid fuzzy analytic hierarchy process and technique for order of preference by similarity to ideal solution (F-AHP-TOPSIS) approach to assess the security risk in a WBHMS. The empirical data were collected at a local hospital in Varanasi, U.P., India. Given the sensitivity of the WBHMS management framework, this work has used diverse types of web applications. The outcomes obtained and the procedure used in this assessment would support future researchers and specialists in organizing web applications with stronger safety and security.
Abstract: The problem of perfectly secure communication has enjoyed considerable theoretical treatment over the last decades. Results in this area include the identification of multipath transmission as a necessary ingredient, as well as quantum key distribution (QKD), which can perfectly protect direct lines. Combining the advantages of the quantum and multipath transmission paradigms, and rigorously analyzing the security of such combined techniques, is possible by virtue of game theory. Based on a game-theoretic measure of channel vulnerability, the authors prove the problem of setting up infrastructures for QKD-based multipath transmission to be NP-complete. The authors consider the problem in two flavors, both of which are computationally hard. Remarkably, the authors' results indicate that the P-vs-NP question is only of minor effect for confidentiality, because either today's public-key cryptosystems remain secure (in case P ≠ NP) or infrastructures facilitating perfectly confidential communication can be constructed efficiently (in case P = NP).
Abstract: The investment strategy choice of a state-owned commercial bank is related to changes in its franchise value. This paper analyzes the franchise value change information of state-owned commercial banks, which shows that the franchise value of state-owned commercial banks is declining. Along with this decline, a state-owned commercial bank strengthens its motive for high-risk investment when choosing its investment strategy, and tends to run a high risk in securities investment because its range of investments is very narrow. Based on the theoretical principles of controlling securities investment risk, this paper proposes countermeasures and suggestions for state-owned commercial banks to strengthen the control of their securities investment risk in order to improve their investment strategy.
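Both this abstract and the airborne-network abstract above rank security risks with AHP weighting followed by TOPSIS. The block below is an added example and is not code from either paper: it carries the crisp (non-fuzzy) AHP and TOPSIS steps through on a constructed decision problem, including the consistency-ratio check that rejects contradictory pairwise judgments. The papers' fuzzy variants (triangular fuzzy AHP, Pythagorean fuzzy AHP and TOPSIS) replace the crisp judgments and the Euclidean distance used here with fuzzy numbers and fuzzy distance measures; the criteria, pairwise matrix, risk scenarios and scores are all assumptions.

```python
"""Added example (not the F-AHP-TOPSIS code of either paper): crisp AHP weighting with
a consistency check, followed by TOPSIS ranking of risk scenarios. Matrices and scores
are constructed assumptions."""
import math

# Saaty's random consistency index by matrix order
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(pairwise):
    """Priority vector by the row geometric-mean method, plus lambda_max and the
    consistency ratio CR = CI / RI. Saaty's rule of thumb: reject judgments with CR > 0.1."""
    n = len(pairwise)
    gm = [math.prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(gm)
    w = [g / total for g in gm]
    aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0
    return w, lambda_max, cr


def topsis(matrix, weights):
    """Relative closeness of each alternative to the ideal solution. All criteria are
    treated as benefit criteria here: a higher score means a more serious risk, so the
    ideal point is the worst case and closeness to it is risk priority."""
    m, n = len(matrix), len(weights)
    norms = [math.sqrt(sum(matrix[i][j] ** 2 for i in range(m))) for j in range(n)]
    v = [[weights[j] * matrix[i][j] / norms[j] for j in range(n)] for i in range(m)]
    ideal = [max(v[i][j] for i in range(m)) for j in range(n)]
    anti = [min(v[i][j] for i in range(m)) for j in range(n)]
    closeness = []
    for row in v:
        d_plus = math.sqrt(sum((row[j] - ideal[j]) ** 2 for j in range(n)))
        d_minus = math.sqrt(sum((row[j] - anti[j]) ** 2 for j in range(n)))
        closeness.append(d_minus / (d_plus + d_minus) if d_plus + d_minus else 0.0)
    return closeness


def rank_risks(names, matrix, pairwise):
    """AHP weights -> consistency gate -> TOPSIS ranking, highest priority first."""
    w, _, cr = ahp_weights(pairwise)
    if cr > 0.1:
        raise ValueError(f"inconsistent pairwise judgments, CR={cr:.2f}")
    return sorted(zip(names, topsis(matrix, w)), key=lambda x: x[1], reverse=True)


# constructed sample: criteria C, I, A; C judged twice as important as I and four
# times as important as A (a perfectly consistent matrix, so CR is 0)
CRITERIA_PAIRWISE = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]
# a cyclic judgment (C > I > A > C) that the consistency check must reject
INCONSISTENT_PAIRWISE = [[1, 3, 1 / 3], [1 / 3, 1, 3], [3, 1 / 3, 1]]
RISKS = ["SQL injection in patient search", "No rate limit on login", "Verbose error pages"]
SCORES = [[9, 8, 3], [5, 4, 7], [4, 2, 1]]   # assumed severity 1..9 per criterion

if __name__ == "__main__":
    for name, c in rank_risks(RISKS, SCORES, CRITERIA_PAIRWISE):
        print(f"{c:.3f}  {name}")
```

With the constructed judgments the weights come out as 4/7, 2/7 and 1/7 for C, I and A, the SQL injection scenario ranks first with closeness around 0.81, and the cyclic matrix is rejected with CR well above 0.1 before any ranking is produced.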
Funding: supported by the National Social Science Fund of China project "Research on Urban Compound Risk Analysis and Governance Based on Large-Scale Survey Data" (23&ZD144).
Abstract: Clarifying the relationship between internet use and public perception of information security risk helps us gain a better understanding of the factors influencing public risk perception. However, the relationship is still under-explored. This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey. It was found that both whether a person uses the internet and the frequency of use are significantly positively correlated with the perception of information security risk. On this basis, the mechanism by which internet use affects public information security risk perception is examined from the perspective of interpersonal trust. The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk. The findings of this study provide new insights into how internet use affects residents' perceptions of security risk.
Funding: This project was supported by the National Natural Science Foundation of China (60574077) and the 973 National Research Program of China (2002cb312205).
Abstract: The sources of supply chain enterprise risk are analyzed from different aspects, including material flow, information flow, cash flow and partner relationships. Measures for risk reduction are summarized from the aspects of risk sharing, information sharing, changes in inventory control mode, and supply chain flexibility. Finally, problems in current research on supply chain risk management are pointed out and future research trends are discussed.
Abstract: The concept of value of information (VOI) has been widely used in the oil industry when making decisions on the acquisition of new data sets for the development and operation of oil fields. The classical approach to VOI assumes that the outcome of the data acquisition process produces crisp values, which are uniquely mapped onto one of the deterministic reservoir models representing the subsurface variability. However, subsurface reservoir data are not always crisp; they can also be fuzzy and may correspond to various reservoir models to different degrees. The classical approach to VOI may not, therefore, lead to the best decision about whether to acquire new data. Fuzzy logic, introduced in the 1960s as an alternative to classical logic, is able to manage the uncertainty associated with the fuzziness of the data. In this paper, both classical and fuzzy theoretical formulations for VOI are developed and contrasted using inherently vague data. A case study based on the future development of an oil reservoir is used to compare the application of both approaches to the estimation of VOI. The results of the VOI process show that when the fuzzy nature of the data is included in the assessment, the value of the data decreases. In this case study, the assessment using crisp data leads to the decision to "acquire" the additional data, whereas the assessment using fuzzy data leads to "do not acquire". In general, different decisions are reached depending on whether the fuzzy nature of the data is considered during the evaluation. The implications of these results are significant in a domain such as the oil and gas industry, where investments are huge. This work strongly suggests the need to define the data as crisp or fuzzy for use in VOI, prior to implementing the assessment, in order to select and define the right approach.
Funding: This paper is supported by the Science and Technology Projects of Yunnan Province (Grant No. 202202AD080004).
Abstract: As the scale of the power system continues to expand, the environment for power operations becomes more and more complex. Existing risk management and control methods for power operations apply a single risk detection standard indiscriminately to every scenario. More reliable and accurate security control methods are therefore urgently needed. In order to improve the accuracy and reliability of operation risk management and control, this paper proposes a method for identifying the key links in the whole process of electric power operation based on a spatiotemporal hybrid convolutional neural network. To provide early warning and control of targeted risks, the video stream is first framed adaptively according to the pixel changes in the stream. Then, an optimized MobileNet is used to extract the feature maps of the video stream, which contain both time-series and static spatial scene information. The feature maps are combined and non-linearly mapped to identify dynamic operating scenes. Finally, training and test samples are produced from whole-process footage of a power company in Xinjiang as a case study, and the proposed algorithm is compared with the unimproved MobileNet. The experimental results demonstrate that the proposed method can accurately identify the type and the start and end time of each operation link in the whole process of electric power operation, and has good real-time performance. The average accuracy of the algorithm reaches 87.8% at a frame rate of 61 frames/s, which is of great significance for improving the reliability and accuracy of security control methods.
Funding: AETHERUCLM (PID2020-112540RB-C42) funded by MCIN/AEI/10.13039/501100011033, Spain; ALBA-UCLM (TED2021-130355B-C31, id. 4809130355-130355-28-521) and ALBA-UC (TED2021-130355B-C33, id. 3611130630-130630-28-521) funded by the "Ministerio de Ciencia e Innovacion", Spain; supported by the European Union's Horizon 2020 Project "CyberSANE" under Grant Agreement No. 833683.
Abstract: The information society depends increasingly on risk assessment and management systems as a means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches: the speed at which technologies evolve, their global impact, and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community, with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet the new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. Our framework is based on the main existing risk standards and proposals, and it seeks to address the weaknesses found in them. MARISMA is in a process of continuous improvement and is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application, and a tool that automates the process.
Abstract: Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem, which has made the Internet a global information source for everyone. Despite all this, attacker knowledge has advanced and resulted in different attack methodologies against the internet and its data stores. This paper discusses the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. These attacks remain among the most effective methods used by attackers to cause substantial operational, reputational, and financial damage to organizations globally, and they degrade network performance and availability. The victim's network is flooded with massive illegitimate traffic, denying genuine traffic from authorized users. The paper explores detection mechanisms and mitigation techniques for this network threat.
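The abstract above promises detection mechanisms for DoS and DDoS floods. The block below is an added example and is not code from the paper: it runs two common detection rules over per-packet connection records in fixed time windows. A per-source packet-rate threshold catches a single-source DoS, and an aggregate rule (many SYNs, almost no ACKs, spread across many sources) catches a distributed SYN flood whose individual sources each stay under the per-source limit. The record format, the thresholds and the sample traffic are constructed assumptions, and the output is the kind of blocklist a mitigation step would feed to an edge filter or rate limiter.

```python
"""Added example (not from the paper): detecting single-source floods and distributed
SYN floods in per-packet connection records with fixed time windows. The record format,
thresholds and sample traffic are constructed assumptions."""
from collections import Counter, defaultdict

WINDOW = 1.0            # seconds per detection window (assumption)
PER_SRC_LIMIT = 100     # packets from one source per window (assumption)
AGG_SYN_LIMIT = 150     # total SYNs per window across all sources (assumption)
SYN_RATIO_LIMIT = 0.9   # SYN / (SYN + ACK) above this: handshakes are not completing
MIN_SOURCES = 10        # a flood counts as distributed only beyond this many sources


def parse_line(line):
    """'<epoch_seconds> <src_ip> <dst_port> <flag>' -> (ts, src, port, flag).
    flag is 'S' for a SYN or 'A' for the ACK completing the handshake."""
    ts, src, port, flag = line.split()
    return float(ts), src, int(port), flag


def detect(lines, window=WINDOW, per_src_limit=PER_SRC_LIMIT,
           agg_syn_limit=AGG_SYN_LIMIT, syn_ratio_limit=SYN_RATIO_LIMIT):
    """Returns {'per_source': {ip: peak_packets_per_window},
                'distributed_syn_flood': [window_start_time, ...]}."""
    records = sorted(parse_line(line) for line in lines)
    buckets = defaultdict(list)
    for ts, src, _port, flag in records:
        buckets[int(ts // window)].append((src, flag))

    flagged_sources = {}
    flood_windows = []
    for bucket in sorted(buckets):
        pkts = buckets[bucket]
        per_src = Counter(src for src, _ in pkts)
        # rule 1: one source exceeding the per-source packet budget
        for src, n in per_src.items():
            if n > per_src_limit:
                flagged_sources[src] = max(n, flagged_sources.get(src, 0))
        # rule 2: SYNs far outnumber ACKs and come from many sources, so the
        # flood is distributed even if every single source is under rule 1
        syn = sum(1 for _, f in pkts if f == "S")
        ack = sum(1 for _, f in pkts if f == "A")
        ratio = syn / (syn + ack) if syn + ack else 0.0
        if syn > agg_syn_limit and ratio > syn_ratio_limit and len(per_src) > MIN_SOURCES:
            flood_windows.append(bucket * window)
    return {"per_source": flagged_sources, "distributed_syn_flood": flood_windows}


def blocklist(report):
    """Mitigation input: sources to rate-limit or drop at the network edge."""
    return sorted(report["per_source"])


def build_sample_traffic():
    """Constructed traffic inside one second: 20 legitimate clients completing their
    handshakes, one single-source flooder, and 50 spoofed sources sending a handful
    of SYNs each and never an ACK (addresses from documentation ranges)."""
    t0 = 1_700_000_000.0
    lines = []
    for i in range(20):
        ip = f"192.0.2.{i + 1}"
        lines.append(f"{t0 + i * 0.04:.3f} {ip} 443 S")
        lines.append(f"{t0 + i * 0.04 + 0.01:.3f} {ip} 443 A")
    for i in range(200):
        lines.append(f"{t0 + i * 0.004:.3f} 198.51.100.7 443 S")
    for s in range(50):
        for k in range(8):
            lines.append(f"{t0 + (s * 8 + k) * 0.002:.3f} 203.0.113.{s + 1} 443 S")
    return lines


if __name__ == "__main__":
    result = detect(build_sample_traffic())
    print("per-source offenders:", result["per_source"])
    print("distributed SYN flood windows:", result["distributed_syn_flood"])
    print("blocklist:", blocklist(result))
```

Rule 1 alone would miss the spoofed sources, since each sends only eight packets; rule 2 catches the flood from the SYN-to-ACK imbalance instead. In practice the spoofed addresses cannot be blocklisted individually, which is why mitigation for distributed SYN floods falls back to SYN cookies, upstream scrubbing or rate limiting rather than per-IP drops.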
Funding: support from the National Natural Science Foundation of China (Grant No. 71901169) and the Shaanxi Province Innovative Talents Promotion Plan, Youth Science and Technology Nova Project (Grant No. 2022KJXX-50).
Abstract: Cross-border data transmission in the biomedical area is on the rise, which brings potential risks and management challenges to data security, biosafety, and national security. Focusing on cross-border data security assessment and risk management, many countries have successively issued relevant laws, regulations, and assessment guidelines. This study aims to provide an index system model and a management application reference for the risk assessment of cross-border data movement. From the perspective of a single organization, the relevant risk assessment standards of several countries are integrated to guide the identification and determination of risk factors. Then, the risk assessment index system of cross-border data flow is constructed. A case study of risk assessment in 358 biomedical organizations is carried out, and suggestions for data management are offered. This study is conducive to improving security monitoring and early warning of cross-border data flow, thereby realizing the safe and orderly global flow of biomedical data.