AssessITS: Integrating Procedural Guidelines and Practical Evaluation Metrics for Organizational IT and Cybersecurity Risk Assessment

In today’s digitally driven landscape, robust Information Technology (IT) risk assessment practices are essential for safeguarding systems, digital communication, and data. This paper introduces “AssessITS,” an actionable method designed to provide organizations with comprehensive guidelines for conducting IT and cybersecurity risk assessments. Drawing extensively from NIST 800-30 Rev 1, COBIT 5, and ISO 31000, “AssessITS” bridges the gap between high-level theoretical standards and practical implementation challenges. The paper outlines a step-by-step methodology that organizations can simply adopt to systematically identify, analyze, and mitigate IT risks. By simplifying complex principles into actionable procedures, this framework equips practitioners with the tools needed to perform risk assessments independently, without too much reliance on external vendors. The guidelines are developed to be straightforward, integrating practical evaluation metrics that allow for the precise quantification of asset values, threat levels, vulnerabilities, and impacts on confidentiality, integrity, and availability. This approach ensures that the risk assessment process is not only comprehensive but also accessible, enabling decision-makers to implement effective risk mitigation strategies customized to their unique operational contexts. “AssessITS” aims to enable organizations to enhance their IT security strength through practical, actionable guidance based on internationally recognized standards.

A Systematic Review and Performance Evaluation of Open-Source Tools for Smart Contract Vulnerability Detection

With the rise of blockchain technology,the security issues of smart contracts have become increasingly critical.Despite the availability of numerous smart contract vulnerability detection tools,many face challenges such as slow updates,usability issues,and limited installation methods.These challenges hinder the adoption and practicality of these tools.This paper examines smart contract vulnerability detection tools from 2016 to 2023,sourced from the Web of Science(WOS)and Google Scholar.By systematically collecting,screening,and synthesizing relevant research,38 open-source tools that provide installation methods were selected for further investigation.From a developer’s perspective,this paper offers a comprehensive survey of these 38 open-source tools,discussing their operating principles,installation methods,environmental dependencies,update frequencies,and installation challenges.Based on this,we propose an Ethereum smart contract vulnerability detection framework.This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues.To validate the framework’s stability,over 1700 h of testing were conducted.Additionally,a comprehensive performance test was performed on the mainstream detection tools integrated within the framework,assessing their hardware requirements and vulnerability detection coverage.Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage.This study represents the first performance evaluation of testing tools in this domain,providing significant reference value.

Integrated Evaluation of Ecological Security at Different Scales Using Remote Sensing: A Case Study of Zhongxian County, the Three Gorges Area, China

Based on related literature and this research, an ecological security evaluation from the pixel scale to the small watershed or county scale was presented using remote sensing data and related models. With the driver-pressure, state and exposure to pollution-response （DPSER） model as a basis, a conceptual framework of regional ecological evaluation and an index system were established. The extraction and standardization of evaluation indices were carried out with GIS techniques, an information extraction model and a data standardization model. The conversion of regional ecological security results from the pixel scale to a small watershed or county scale was obtained with an evaluation model and a scaling model. Two conceptual scale conversion models of regional ecological security from the pixel scale to the county scale were proposed： 1） scale conversion of ecological security regime results from plxel to small watershed; and 2） scale conversion from pixel to county. These research results could provide useful ideas for regional ecological security evaluation as well as ecological and environmental management.

Evaluation and scenario simulation for forest ecological security in China

Continuously growing populations and rapid economic development have led to the excessive use of forest resources,and the forest ecosystem is threatened.In response,forest ecological security(FES)has attracted attention.In this study,an integrated dynamic simulation model was constructed using the system dynamic method,and it was used to evaluate the FES in China from 1999 to 2014.A scenario analysis was then used to evaluate the changes in the FES under five forestry policy scenarios for the 2015–2050 period,including the baseline,afforestation policy,harvesting policies,management policy,investment policy,and a policy mix.The results showed that the evaluation values of the FES increased during the period from 1999 to 2002,the period from 2004 to 2010 and the year 2014,and they decreased in 2003 and during the period from 2011 to 2013.During the 2015–2050 simulation period,the FES improved continuously.In particular,China would enter a new stage when the economic systems,social systems and ecosystems were in harmony after 2040.To improve the FES and the current status of the FES,a scenario analysis showed the most suitable scenario to be Scenario 5 from 2015 to 2020 and Scenario 2 from 2021 to 2050.To relieve pressure,the most suitable scenario would be Scenario 5 from 2015 to 2040 and from 2046 to 2050,and the most suitable scenario would be Scenario 4 for 2041–2045.A policy mix(Scenario 5)would be most efficient under current conditions,while the effects of all the benefits of the forestry policies would weaken over the long term.The integrated method can be regarded as a decision support tool to help policy makers understand FES and promulgate a reasonable forestry policy.

Security evaluation of compounded microbial flocculant

A new kind of compounded microbial flocculant (CMBF) for water and wastewater treatment has been developed through biological technology. In order to discuss its biological security, four groups of experiments, rat acute toxicity test via mouth, salmonella assay in vitro, mouse micronucleus in vivo test and teratogenesis test were conducted to evaluate its general toxicity, genotoxicity and generative toxicity. The experimental results showed that this type of compounded microbial flocculant was a substantial non-toxic substance based on the fact that LD50 value was over 10 mg/kg. The results from salmonella in vivo test and mouse micronucleus in vivo test revealed that the compounded microbial flocculant is a genetically non-toxic substance. Furthermore, compounded microbial flocculant has little effect on the growth of all the rats, and any morphologic abnormal phenomenon hasn’t appeared.

Ecological Security Evaluation Algorithm for Resource-Exhausted Cities Based on the PSR Model

Today,resource depletion threatens a number of resource-based cities in China.The ecological security problem caused by the long-term exploitation of natural resources is a key issue to be solved in the development of resource-exhausted cities.Using 23 indicators,this study evaluated the ecological security status and development trends of 21 resource-exhausted cities in China from 2011 to 2017.The results showed that from 2011 to 2015,the overall ecological security of this type of city was low,with over 60%of the cities at an unsafe level.However,ecological security improved rapidly after 2016,and by 2017,all of the cities had reached the critical safety level.The top 10 indicators of ecological security included industrial sulfur dioxide emissions,water supply,agricultural fertilizer application,and forest coverage.These 10 indicators’cumulative contribution to ecological security was 48.3%;among them,reducing industrial sulfur dioxide emissions contributed the most at 5.7%.These findings can help governments better understand the ecological security status of resource-exhausted cities,and it can provide a reference for the allocation of funds and other resources to improve the ecological safety of these cities.

Comprehensive Information Security Evaluation Model Based on Multi-Level Decomposition Feedback for IoT

The development of the Internet of Things(IoT)calls for a comprehensive in-formation security evaluation framework to quantitatively measure the safety score and risk(S&R)value of the network urgently.In this paper,we summarize the architecture and vulnerability in IoT and propose a comprehensive information security evaluation model based on multi-level decomposition feedback.The evaluation model provides an idea for information security evaluation of IoT and guides the security decision maker for dynamic protection.Firstly,we establish an overall evaluation indicator system that includes four primary indicators of threat information,asset,vulnerability,and management,respectively.It also includes eleven secondary indicators of system protection rate,attack detection rate,confidentiality,availability,controllability,identifiability,number of vulnerabilities,vulnerability hazard level,staff organization,enterprise grading and service continuity,respectively.Then,we build the core algorithm to enable the evaluation model,wherein a novel weighting technique is developed and a quantitative method is proposed to measure the S&R value.Moreover,in order to better supervise the performance of the proposed evaluation model,we present four novel indicators includes residual risk,continuous conformity of residual risk,head-to-tail consistency and decrease ratio,respectively.Simulation results show the advantages of the proposed model in the evaluation of information security for IoT.

Generalized dominance-based rough set approach to security evaluation with imprecise information

The model of grey multi-attribute group decision-making （MAGDM） is studied, in which the attribute values are grey numbers. Based on the generalized dominance-based rough set approach （G-DR- SA）, a synthetic security evaluation method is presented. With-the grey MAGDM security evaluation model as its foundation, the extension of technique for order performance by similarity to ideal solution （TOPSIS） integrates the evaluation of each decision-maker （DM） into a group＇s consensus and obtains the expected evaluation results of information system. Via the quality of sorting （QoS） of G-DRSA, the inherent information hidden in data is uncovered, and the security attribute weight and DMs＇ weight are rationally obtained. Taking the computer networks in a certain university as objects, the example illustrates that this method can effectively remove the bottleneck of the grey MAGDM model and has practical significance in the synthetic security evaluation.

Stochastic Modelling of Vulnerability Life Cycle and Security Risk Evaluation

The objective of the present study is to propose a risk evaluation statistical model for a given vulnerability by examining the Vulnerability Life Cycle and the CVSS score. Having a better understanding of the behavior of vulnerability with respect to time will give us a great advantage. Such understanding will help us to avoid exploitations and introduce patches for a particular vulnerability before the attacker takes the advantage. Utilizing the proposed model one can identify the risk factor of a specific vulnerability being exploited as a function of time. Measuring of the risk factor of a given vulnerability will also help to improve the security level of software and to make appropriate decisions to patch the vulnerability before an exploitation takes place.

Application of Security Index in Evaluation of Agricultural Insurance Security Level

At present,there is still no unified standard for evaluation of agricultural insurance security level,especially in the quantitative evaluation. In order to explore a scientific and reasonable evaluation method for agricultural insurance security level,this paper analyzed the current situation of evaluation methods of social insurance,endowment insurance and medical insurance,as well as the application of security index. It is expected to provide a certain reference for evaluation of agricultural insurance security level by the agricultural insurance security index.

Dynamic Tracking and Comprehensive Evaluation on the Natural Resources Security Elements and System in China

System theory,pressure-state-response and drivingpressure-state-impact-response model have been applied to establishing China's dynamic tracking evaluation system of natural resources security in this article.Based on analytic hierarchy process and Delphi methods,the natural resources security situation has been evaluated systematically from 1991 to 2007.The result showed that the overall level of China's natural resources security presented a downtrend from 1991 to 2007.The basic reasons are the pressure indicators such as population,GDP,natural resources trade increased gradually,resulting in tension and fragility of natural resources security.

Evaluation of Security of Mine Ventilation Systems

A mine ventilation system has a deterministic function for the safety of coal production and for the control of mine accidents. So, it has an important meaning to evaluate the security of a mine ventilation system. This paper studied the evaluation index system of the security of a mine ventilation system, and the security of a mine ventilation system was described quantitatively in the safety degree. Finally, an example of the security evaluation was given.

Tourism Destination Eco-Security and Its Dynamic Evaluation Method

Ecological security of tourism destination is an important factor for the sustainable development of tourism industry, and many tourism destinations are threatened by various ecological problems. A complete understanding of eco-security situation is the foundation of maintaining sustainable development for tourism destinations. However, study on tourism destination eco-security has remained in the initial stage, based on domestic and international researches, the connotations and dynamic characteristics of tourism destination eco-security were discussed. Then, evaluation method of tourism destination eco-security and standard system were proposed, also dynamic evaluation method of tourism destination eco-safety based on the situation evaluation and trend was analyzed.

Quantitative Security Evaluation for Software System from Vulnerability Database

This paper proposes a quantitative security evaluation for software system from the vulnerability data consisting of discovery date, solution date and exploit publish date based on a stochastic model. More precisely, our model considers a vulnerability life-cycle model and represents the vulnerability discovery process as a non-homogeneous Poisson process. In a numerical example, we show the quantitative measures for contents management system of an open source project.

A Design of the Network Security Evaluation System

The security evaluation for an information network system is an important management tool to insure its normal operation. We must realize the significance of the comprehensive network security risks. A network evaluation model and the algorithm are presented and adapt the hierarchical method to characterize the security risk situation. The evaluation method is used to evaluate the key nodes and the mathematics is used to analyze the whole network security situation. Compared with others, the method can automatically create a rule-based security evaluation model to evaluate the security threat from the individual security elements and the combination of security elements, and then evaluation the network situation. It is shown that this system provides a valuable model and algorithms to help to find the security rules, adjust the security

Model of Security Evaluation of Infrastructure as a Service Layer of Cloud Computing System

At present,most providers of cloud computing mainly provide infrastructures and services of infrastructure as a service(IaaS).But there is a serious problem that is the lack of security standards and evaluation model of IaaS.After analyzing the vulnerabilities performance of IaaS cloud computing system,the mapping relationship was established between the vulnerabilities of IaaS and the nine threats of cloud computing which was released by cloud security alliance(CSA).According to the mapping relationship,a model for evaluating security of IaaS was proposed which verified the effectiveness of the model on OpenStack by the analytic hierarchy process(AHP) and the fuzzy evaluation method.

Researches On The Network Security Evaluation Method Based Bn BP Neural Network

This paper first describes the basic theory of BP neural network algorithm, defects and improved methods, establishes a computer network security evaluation index system, explores the computer network security evaluation method based on BP neural network, and has designed to build the evaluation model, and shows that the method is feasible through the MATLAB simulation experiments.

Network security equipment evaluation based on attack tree with risk fusion

Network security equipment is crucial to information systems, and a proper evaluation model can ensure the quality of network security equipment. However, there is only a few models of comprehensive models nowadays. An index system for network security equipment was established and a model based on attack tree with risk fusion was proposed to obtain the score of qualitative indices. The proposed model implements attack tree model and controlled interval and memory(CIM) model to solve the problem of quantifying qualitative indices, and thus improves the accuracy of the evaluation.