Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems. The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete. The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences. To this end, this paper introduces a new grey relational model to analyze heterogeneous data. In this study, a set of security risk factors for small reservoirs was first constructed based on theoretical analysis, and heterogeneous data of these factors were recorded as sequences. The sequences were regarded as random variables, and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors. Then, a new grey relational analysis model for heterogeneous data was constructed, and a comprehensive security risk factor identification method was developed. A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.
Security is an important component in the process of developing healthcare web applications. We need to ensure security maintenance; therefore the analysis of healthcare web application’s security risk is of utmost importance. Properties must be considered to minimise the security risk. Additionally, security risk management activities are revised, prepared, implemented, tracked, and regularly set up efficiently to design the security of healthcare web applications. Managing the security risk of a healthcare web application must be considered as the key component. Security is, in specific, seen as an add-on during the development process of healthcare web applications, but not as the key problem. Researchers must ensure that security is taken into account right from the earlier developmental stages of the healthcare web application. In this row, the authors of this study have used the hesitant fuzzy-based AHP-TOPSIS technique to estimate the risks of various healthcare web applications for improving security-durability. This approach would help to design and incorporate security features in healthcare web applications that would be able to battle threats on their own, and not depend solely on the external security of healthcare web applications. Furthermore, in terms of healthcare web application’s security-durability, the security risk variable is measured, and vice versa. Hence, the findings of our study will also be useful in improving the durability of several web applications in healthcare.
In this paper, we investigate and analyze the network security risks faced by 5G private industrial networks. Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks, a comparative analysis is used to plan and design a private network security construction scheme. The network security construction model, network organization, and key processes of 5G private industrial networks at the current stage are investigated. In addition, the key direction for the next stage of construction is discussed.
In this paper, we propose a non-cooperative differential game theory based resource allocation approach for the network security risk assessment. For the risk assessment, the resource will be used for risk assess, including response cost and response negative cost. The whole assessment process is considered as a differential game for optimal resource control. The proposed scheme can be obtained through the Nash Equilibrium. It is proved that the game theory based algorithm is applicable and the optimal resource level can be achieved based on the proposed algorithm.
In the recent years, the booming web-based applications have attracted the hackers’ community. The security risk of the web-based hospital management system (WBHMS) has been increasing rapidly. In the given context, the main goal of all security professionals and website developers is to maintain security divisions and improve on the user’s confidence and satisfaction. At this point, the different WBHMS tackle different types of security risks. In WBHMS, the security of the patients’ medical information is of utmost importance. All in all, there is an inherent security risk of data and assets in the field of the medical industry as a whole. The objective of this study is to estimate the security risk assessment of WBHMS. The risks assessment pertains to securing the integrity of the information in alignment with the Health Insurance Portability and Accountability Act. This includes protecting the relevant financial records, as well as the identification, evaluation, and prevention of a data breach. In the past few years, according to the US-based cyber-security firm Fire-eye, 6.8 million data thefts have been recorded in the healthcare sector in India. The breach barometer report mentions that in the year 2019, the data breaches found were up to 48.6% as compared to the year 2018. Therefore, it is very important to assess the security risk in WBHMS. In this research, we have followed the hybrid technique fuzzy analytic hierarchy process-technique for order of preference by similarity to ideal solution (F-AHPTOPSIS) approach to assess the security risk in WBHMS. The place of this empirical database is at the local hospital of Varanasi, U.P., India. Given the affectability of WBHMS for its board framework, this work has used diverse types of web applications. The outcomes obtained and the procedure used in this assessment would support future researchers and specialists in organizing web applications through advanced support of safety and security.
With the development of economy, China has to fight against the increasing public security risk. The theory of risk society points out that the traditional system of hierarchical management should be transformed into the governance system led by government and participated in by multiple parties to avoid and reduce risk in modern society. In order to achieve modernization of the national governance system and capacity, we have to deal with these two important subjects, that is, what can we learn from the Western risk society theory and how to establish a scientific and efficient public security risk management system based on the characteristics of modern public security risk.
Identification and resolution system of the industrial Internet is the “neural hub” of the industrial Internet for coordination. Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked. Moreover, it may become a threat to national security. Therefore, security plays an important role in identification and resolution system of the industrial Internet. In this paper, an innovative security risk analysis model is proposed for the first time, which can help control risks from the root at the initial stage of industrial Internet construction, provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet, and promote the healthy and sustainable development of the industrial identification and resolution system.
In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph (I-BAG) model. First, the Improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is an effective way for assessing the website security risk.
With the exponential increase in information security risks, ensuring the safety of aircraft heavily relies on the accurate performance of risk assessment. However, experts possess a limited understanding of fundamental security elements, such as assets, threats, and vulnerabilities, due to the confidentiality of airborne networks, resulting in cognitive uncertainty. Therefore, the Pythagorean fuzzy Analytic Hierarchy Process (AHP) Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) is proposed to address the expert cognitive uncertainty during information security risk assessment for airborne networks. First, Pythagorean fuzzy AHP is employed to construct an index system and quantify the pairwise comparison matrix for determining the index weights, which is used to solve the expert cognitive uncertainty in the process of evaluating the index system weight of airborne networks. Second, Pythagorean fuzzy the TOPSIS to an Ideal Solution is utilized to assess the risk prioritization of airborne networks using the Pythagorean fuzzy weighted distance measure, which is used to address the cognitive uncertainty in the evaluation process of various indicators in airborne network threat scenarios. Finally, a comparative analysis was conducted. The proposed method demonstrated the highest Kendall coordination coefficient of 0.952. This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.
Clarifying the relationship between internet use and public information security risk perception helps us gain a better understanding of the factors influencing public risk perception. However, the relationship is still under-explored. This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey. It was found that whether to use the internet and the frequency of use are both significantly positively correlated with the perception of information security risk. On this basis, the mechanism by which internet use affects public information security risk perceptions is verified from the perspective of interpersonal trust. The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk. The findings of this study provide new insights for our further understanding of how internet use affects residents' perceptions of security risk.
As the proportion of wind power generation increases in power systems, it is necessary to develop new ways for wind power accommodation and improve the existing power dispatch model. The power-to-gas technology, which offers a new approach to accommodate surplus wind power, is an excellent way to solve the former. Hence, this paper proposes to involve power-to-gas technology in the integrated electricity and natural gas systems (IEGSs). To solve the latter, on one hand, a new indicator, the scale factor of wind power integration, is introduced into the wind power stochastic model to better describe the uncertainty of grid-connected wind power; on the other hand, for quantizing and minimizing the impact of the uncertainties of wind power and system loads on system security, security risk constraints are established for the IEGS by the conditional value-at-risk method. By considering these two aspects, an MILP formulation of a security-risk based stochastic dynamic economic dispatch model for an IEGS is established, and GUROBI obtained from GAMS is used for the solution. Case studies are conducted on an IEGS consisting of a modified IEEE 39-bus system and the Belgium 20-node natural gas system to examine the effectiveness of the proposed dispatch model.
With the rapidly escalating use of smart devices and fraudulent transaction of users' data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques.
It will be an important task to improve the ability to use and manage the blockchain and facilitate the development of China’s cyber and digital economy in a safe and benign way during the 14th Five-Year Plan period (2021–2025). The synchronous “shock reduction” of the top-level system is needed to escort the safe and benign development of blockchain as the driving force and potential energy of blockchain development is released at a high speed. As an important prerequisite for exploring the design ideas of the top-level system of blockchain, it is necessary to grasp the international and domestic development opportunity of blockchain and identify its internal and external security risks. During the 14th Five-Year Plan period, China should establish the legislative concept of the organic integration of legal governance and technological governance, establish an effective market competition mechanism driven by the coupling of incentives and regulations, and realize the management synergy between government plans and enterprise strategies. For the sake of promoting the safe and benign development of blockchain, it is the fundamental policy to accelerate blockchain technology development by developing key technologies, advancing the industrial innovation process and strengthening the construction of talent pool. Meanwhile, it is the safeguarding policy to strengthen the top-level system design of blockchain through advancing legislation timely, improving market mechanisms and optimizing governance system.
Cloud computing services have quickly become a mainstay in business, leading to success as a business model and numerous advantages from the client’s point of view. Ease and amount of storage and computational services provisions were not previously accessible or affordable. However, parallel to this explosion has been significant security risk concerns. Thus, it is important to understand and define these security risks in a cybersecurity framework. This paper will take a case study approach to approach past security risks and propose a model that can be followed by organizations to eliminate the risk of Cloud-related cyberattacks. The main aims of this systematic literature review (SLR) are to (1) address security risks/vulnerabilities that can target cloud environments, (2) define tools that can be used by organizations to defend their cloud environment against those security risks/vulnerabilities, and (3) analyze case studies of significant cyberattacks and provide recommendations for organizations to mitigate such cyberattacks. This paper will propose a novel cloud cybersecurity model from a two-pronged offensive and defensive perspective for implementation by organizations to enhance their security infrastructure.
Northeast China is an important base for grain production, dominated by rain-fed agriculture that relies on green water. However, in the context of global climate change, rising regional temperatures, changing precipitation patterns, and increasing drought frequency pose threats and challenges to agricultural green water security. This study provides a detailed assessment of the spatiotemporal characteristics and development trends of green water security risks in the Northeast region under the base period (2001-2020) and the future (2031-2090) climate change scenarios (SSP245 and SSP585) using the green water scarcity (GWS) index based on raster-scale crop spatial distribution data, Delta downscaling bias-corrected ERA5 data, and CMIP6 multimodal data. During the base period, the green water risk-free zone for dry crops is mainly distributed in the center and east of the Northeast region (72.4% of the total area), the low-risk zone is primarily located in the center (14.0%), and the medium-risk (8.3%) and high-risk (5.3%) zones are mostly in the west. Under SSP245 and SSP585 future climate change scenarios, the green water security risk shows an overall expansion from the west to the center and east, with the low-risk zone increasing to 21.6% and 23.8%, the medium-risk zone increasing to 16.0% and 17.9%, and the high-risk zone increasing to 6.9% and 6.8%, respectively. Considering dry crops with GWS greater than 0.1 as in need of irrigation, the irrigated area increases from 27.6% (base period) to 44.5% (SSP245) and 48.6% (SSP585), with corresponding increases in irrigation water requirement (IWR) of 4.64 and 5.92 billion m³, respectively, which further exacerbates conflicts between supply and demand of agricultural water resources. In response to agricultural green water security risks, coping strategies such as evapotranspiration (ET)-based water resource management for dry crops and deficit irrigation are proposed. The results of this study can provide scientific basis and decision support for the development of Northeast irrigated agriculture and the construction planning of the national water network.
The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.
Today, security is a major challenge linked with computer network companies that cannot defend against cyber-attacks. Numerous vulnerable factors increase security risks and cyber-attacks, including viruses, the internet, communications, and hackers. Internets of Things (IoT) devices are more effective, and the number of devices connected to the internet is constantly increasing, and governments and businesses are also using these technologies to perform business activities effectively. However, the increasing uses of technologies also increase risks, such as password attacks, social engineering, and phishing attacks. Humans play a major role in the field of cybersecurity. It is observed that more than 39% of security risks are related to the human factor, and 95% of successful cyber-attacks are caused by human error, with most of them being insider threats. The major human factor issue in cybersecurity is a lack of user awareness of cyber threats. This study focuses on the human factor by surveying the vulnerabilities and reducing the risk by focusing on human nature and reacting to different situations. This study highlighted that most of the participants are not experienced with cybersecurity threats and how to protect their personal information. Moreover, the lack of awareness of the top three vulnerabilities related to the human factor in cybersecurity, such as phishing attacks, passwords, attacks, and social engineering, are major problems that need to be addressed and reduced through proper awareness and training.
Digital in the daily life of companies undeniably leads them to use services and applications of all kinds. Companies in their permanent quest for the exchange of information devote themselves to the use of the Internet which nowadays constitutes an open door for the birth of several types of faults, some of which are unknown to certain digital professionals in the field. Corporate. The purpose of this research is to show the probable existence of digital security flaws in the daily activities carried out by companies in Burkina Faso. In companies in Burkina Faso, we seem to see a way of working that does not respect the standards and safety standards prescribed by ISO 27001. We seem to see a way of working based on the result of the gain and not on the securities measures and integrity of critical data, data confidentiality, management and prevention of possible security risks related to their activities. We seem to be witnessing in companies the immanent presence of faults which could be the work of the users of the system, of the infrastructure used which is outdated or badly configured, of software anomalies linked to programming errors, and to poor implementation of the security policy within the companies. This research is important because it exposes the handicaps that companies have in terms of digital security. The expected result is to bring out existing flaws that are not taken seriously by IT staff and propose possible solutions to overcome these security risks.
Cybersecurity is a global goal that is central to national security planning in many countries. One of the most active research fields is design of practices for the development of so-called highly secure software as a kind of protection and reduction of the risks from cyber threats. The use of a secure software product in a real environment enables the reduction of the vulnerability of the system as a whole. It would be logical to find the most optimal solution for the integration of secure coding in the classic SDLC (software development life cycle). This paper aims to suggest practices and tips that should be followed for secure coding, in order to avoid cost and time overruns because of untimely identification of security issues. It presents the implementation of secure coding practices in software development, and showcases several real-world scenarios from different phases of the SDLC, as well as mitigation strategies. The paper covers techniques for SQL injection mitigation, authentication management for staging environments, and access control verification using JSON Web Tokens.
Funding: supported by the National Nature Science Foundation of China (Grant No. 71401052), the National Social Science Foundation of China (Grant No. 17BGL156), and the Key Project of the National Social Science Foundation of China (Grant No. 14AZD024).
Funding: Funding for this study was received from the Ministry of Education and Deanship of Scientific Research at King Abdulaziz University, Kingdom of Saudi Arabia under Grant No. IFPHI-286-611-2020.
Funding: supported by the China Postdoctoral Science Foundation (No. 2015M570936), National Science Foundation Project of P.R. China (No. 61501026, 61272506), and Fundamental Research Funds for the Central Universities (No. FRF-TP-15032A1).
Funding: funded by Grant No. 12-INF2970-10 from the National Science, Technology and Innovation Plan (MAARIFAH), the King Abdul-Aziz City for Science and Technology (KACST), Saudi Arabia.
Abstract: In the recent years, the booming web-based applications have attracted the hackers’ community. The security risk of the web-based hospital management system (WBHMS) has been increasing rapidly. In the given context, the main goal of all security professionals and website developers is to maintain security divisions and improve on the user’s confidence and satisfaction. At this point, the different WBHMS tackle different types of security risks. In WBHMS, the security of the patients’ medical information is of utmost importance. All in all, there is an inherent security risk of data and assets in the field of the medical industry as a whole. The objective of this study is to estimate the security risk assessment of WBHMS. The risks assessment pertains to securing the integrity of the information in alignment with the Health Insurance Portability and Accountability Act. This includes protecting the relevant financial records, as well as the identification, evaluation, and prevention of a data breach. In the past few years, according to the US-based cyber-security firm Fire-eye, 6.8 million data thefts have been recorded in the healthcare sector in India. The breach barometer report mentions that in the year 2019, the data breaches found were up to 48.6% as compared to the year 2018. Therefore, it is very important to assess the security risk in WBHMS. In this research, we have followed the hybrid technique fuzzy analytic hierarchy process-technique for order of preference by similarity to ideal solution (F-AHPTOPSIS) approach to assess the security risk in WBHMS. The place of this empirical database is at the local hospital of Varanasi, U.P., India. Given the affectability of WBHMS for its board framework, this work has used diverse types of web applications. The outcomes obtained and the procedure used in this assessment would support future researchers and specialists in organizing web applications through advanced support of safety and security.
Abstract: With the development of economy, China has to fight against the increasing public security risk. The theory of risk society points out that the traditional system of hierarchical management should be transformed into the governance system led by government and participated in by multiple parties to avoid and reduce risk in modern society. In order to achieve modernization of the national governance system and capacity, we have to deal with these two important subjects, that is, what can we learn from the Western risk society theory and how to establish a scientific and efficient public security risk management system based on the characteristics of modern public security risk.
Funding: supported by the 2018 Industrial Internet Innovation and Development Project--Industrial Internet Identification Resolution System National Top-Level Node Construction Project (Phase Ⅰ)
Abstract: Identification and resolution system of the industrial Internet is the “neural hub” of the industrial Internet for coordination. Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked. Moreover, it may become a threat to national security. Therefore, security plays an important role in identification and resolution system of the industrial Internet. In this paper, an innovative security risk analysis model is proposed for the first time, which can help control risks from the root at the initial stage of industrial Internet construction, provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet, and promote the healthy and sustainable development of the industrial identification and resolution system.
Funding: supported by the project of the State Key Program of National Natural Science Foundation of China (No. 90818021); supported by a grant from the national high technology research and development program of China (863 program) (No. 2012AA012903)
Abstract: In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph (I-BAG) model. First, the Improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is an effective way for assessing the website security risk.
Funding: supported by the Fundamental Research Funds for the Central Universities of CAUC (3122022076), National Natural Science Foundation of China (NSFC) (U2133203).
Abstract: With the exponential increase in information security risks, ensuring the safety of aircraft heavily relies on the accurate performance of risk assessment. However, experts possess a limited understanding of fundamental security elements, such as assets, threats, and vulnerabilities, due to the confidentiality of airborne networks, resulting in cognitive uncertainty. Therefore, the Pythagorean fuzzy Analytic Hierarchy Process (AHP) Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) is proposed to address the expert cognitive uncertainty during information security risk assessment for airborne networks. First, Pythagorean fuzzy AHP is employed to construct an index system and quantify the pairwise comparison matrix for determining the index weights, which is used to solve the expert cognitive uncertainty in the process of evaluating the index system weight of airborne networks. Second, Pythagorean fuzzy the TOPSIS to an Ideal Solution is utilized to assess the risk prioritization of airborne networks using the Pythagorean fuzzy weighted distance measure, which is used to address the cognitive uncertainty in the evaluation process of various indicators in airborne network threat scenarios. Finally, a comparative analysis was conducted. The proposed method demonstrated the highest Kendall coordination coefficient of 0.952. This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.
Funding: supported by the National Social Science Fund of China "Research on Urban Compound Risk Analysis and Governance Based on Large-Scale Survey Data" (23&ZD144).
Abstract: Clarifying the relationship between internet use and public information security risk perception helps us gain a better understanding of the factors influencing public risk perception. However, the relationship is still under-explored. This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey. It was found that whether to use the internet and the frequency of use are both significantly positively correlated with the perception of information security risk. On this basis, the mechanism by which internet use affects public information security risk perceptions is verified from the perspective of interpersonal trust. The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk. The findings of this study provide new insights for our further understanding of how internet use affects residents' perceptions of security risk.
Funding: This work was supported by National Natural Science Foundation of China (No. 51777077), Natural Science Foundation of Guangdong Province (2017A030313304).
Abstract: As the proportion of wind power generation increases in power systems, it is necessary to develop new ways for wind power accommodation and improve the existing power dispatch model. The power-to-gas technology, which offers a new approach to accommodate surplus wind power, is an excellent way to solve the former. Hence, this paper proposes to involve power-to-gas technology in the integrated electricity and natural gas systems (IEGSs). To solve the latter, on one hand, a new indicator, the scale factor of wind power integration, is introduced into the wind power stochastic model to better describe the uncertainty of grid-connected wind power; on the other hand, for quantizing and minimizing the impact of the uncertainties of wind power and system loads on system security, security risk constraints are established for the IEGS by the conditional value-at-risk method. By considering these two aspects, an MILP formulation of a security-risk based stochastic dynamic economic dispatch model for an IEGS is established, and GUROBI obtained from GAMS is used for the solution. Case studies are conducted on an IEGS consisting of a modified IEEE 39-bus system and the Belgium 20-node natural gas system to examine the effectiveness of the proposed dispatch model.
Abstract: With the rapidly escalating use of smart devices and fraudulent transaction of users' data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques.
Funding: This paper is supported by Beijing Social Science Foundation Project “Simulation of Beijing License Plate Supply and Trading Mechanism Construction” (No. 16GLC039).
Abstract: It will be an important task to improve the ability to use and manage the blockchain and facilitate the development of China’s cyber and digital economy in a safe and benign way during the 14th Five-Year Plan period (2021–2025). The synchronous “shock reduction” of the top-level system is needed to escort the safe and benign development of blockchain as the driving force and potential energy of blockchain development is released at a high speed. As an important prerequisite for exploring the design ideas of the top-level system of blockchain, it is necessary to grasp the international and domestic development opportunity of blockchain and identify its internal and external security risks. During the 14th Five-Year Plan period, China should establish the legislative concept of the organic integration of legal governance and technological governance, establish an effective market competition mechanism driven by the coupling of incentives and regulations, and realize the management synergy between government plans and enterprise strategies. For the sake of promoting the safe and benign development of blockchain, it is the fundamental policy to accelerate blockchain technology development by developing key technologies, advancing the industrial innovation process and strengthening the construction of talent pool. Meanwhile, it is the safeguarding policy to strengthen the top-level system design of blockchain through advancing legislation timely, improving market mechanisms and optimizing governance system.
Abstract: Cloud computing services have quickly become a mainstay in business, leading to success as a business model and numerous advantages from the client’s point of view. Ease and amount of storage and computational services provisions were not previously accessible or affordable. However, parallel to this explosion has been significant security risk concerns. Thus, it is important to understand and define these security risks in a cybersecurity framework. This paper will take a case study approach to approach past security risks and propose a model that can be followed by organizations to eliminate the risk of Cloud-related cyberattacks. The main aims of this systematic literature review (SLR) are to (1) address security risks/vulnerabilities that can target cloud environments, (2) define tools that can be used by organizations to defend their cloud environment against those security risks/vulnerabilities, and (3) analyze case studies of significant cyberattacks and provide recommendations for organizations to mitigate such cyberattacks. This paper will propose a novel cloud cybersecurity model from a two-pronged offensive and defensive perspective for implementation by organizations to enhance their security infrastructure.
Funding: supported by the Strategic Priority Research Program (Class A) of the Chinese Academy of Sciences (Grant No. XDA28020501), the Strategic Research and Consulting Program of the Chinese Academy of Engineering (Grant No. JL2023-17).
Abstract: Northeast China is an important base for grain production, dominated by rain-fed agriculture that relies on green water. However, in the context of global climate change, rising regional temperatures, changing precipitation patterns, and increasing drought frequency pose threats and challenges to agricultural green water security. This study provides a detailed assessment of the spatiotemporal characteristics and development trends of green water security risks in the Northeast region under the base period (2001-2020) and the future (2031-2090) climate change scenarios (SSP245 and SSP585) using the green water scarcity (GWS) index based on raster-scale crop spatial distribution data, Delta downscaling bias-corrected ERA5 data, and CMIP6 multimodal data. During the base period, the green water risk-free zone for dry crops is mainly distributed in the center and east of the Northeast region (72.4% of the total area), the low-risk zone is primarily located in the center (14.0%), and the medium-risk (8.3%) and high-risk (5.3%) zones are mostly in the west. Under SSP245 and SSP585 future climate change scenarios, the green water security risk shows an overall expansion from the west to the center and east, with the low-risk zone increasing to 21.6% and 23.8%, the medium-risk zone increasing to 16.0% and 17.9%, and the high-risk zone increasing to 6.9% and 6.8%, respectively. Considering dry crops with GWS greater than 0.1 as in need of irrigation, the irrigated area increases from 27.6% (base period) to 44.5% (SSP245) and 48.6% (SSP585), with corresponding increases in irrigation water requirement (IWR) of 4.64 and 5.92 billion m³, respectively, which further exacerbates conflicts between supply and demand of agricultural water resources. In response to agricultural green water security risks, coping strategies such as evapotranspiration (ET)-based water resource management for dry crops and deficit irrigation are proposed. The results of this study can provide scientific basis and decision support for the development of Northeast irrigated agriculture and the construction planning of the national water network.
Funding: the AETHERUCLM (PID2020-112540RB-C42) funded by MCIN/AEI/10.13039/501100011033, Spain; ALBA-UCLM (TED2021-130355B-C31, id. 4809130355-130355-28-521); ALBA-UC (TED2021-130355B-C33, id. 3611130630-130630-28-521) funded by the “Ministerio de Ciencia e Innovacion”, Spain; supported by the European Union’s Horizon 2020 Project “CyberSANE” under Grant Agreement No. 833683.
Abstract: The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.
Funding: the Deanship of Scientific Research at Majmaah University for supporting this work under Project Number No-R-14xx-4x.
Abstract: Today, security is a major challenge linked with computer network companies that cannot defend against cyber-attacks. Numerous vulnerable factors increase security risks and cyber-attacks, including viruses, the internet, communications, and hackers. Internets of Things (IoT) devices are more effective, and the number of devices connected to the internet is constantly increasing, and governments and businesses are also using these technologies to perform business activities effectively. However, the increasing uses of technologies also increase risks, such as password attacks, social engineering, and phishing attacks. Humans play a major role in the field of cybersecurity. It is observed that more than 39% of security risks are related to the human factor, and 95% of successful cyber-attacks are caused by human error, with most of them being insider threats. The major human factor issue in cybersecurity is a lack of user awareness of cyber threats. This study focuses on the human factor by surveying the vulnerabilities and reducing the risk by focusing on human nature and reacting to different situations. This study highlighted that most of the participants are not experienced with cybersecurity threats and how to protect their personal information. Moreover, the lack of awareness of the top three vulnerabilities related to the human factor in cybersecurity, such as phishing attacks, passwords, attacks, and social engineering, are major problems that need to be addressed and reduced through proper awareness and training.
Abstract: Digital in the daily life of companies undeniably leads them to use services and applications of all kinds. Companies in their permanent quest for the exchange of information devote themselves to the use of the Internet which nowadays constitutes an open door for the birth of several types of faults, some of which are unknown to certain digital professionals in the field. Corporate. The purpose of this research is to show the probable existence of digital security flaws in the daily activities carried out by companies in Burkina Faso. In companies in Burkina Faso, we seem to see a way of working that does not respect the standards and safety standards prescribed by ISO 27001. We seem to see a way of working based on the result of the gain and not on the securities measures and integrity of critical data, data confidentiality, management and prevention of possible security risks related to their activities. We seem to be witnessing in companies the immanent presence of faults which could be the work of the users of the system, of the infrastructure used which is outdated or badly configured, of software anomalies linked to programming errors, and to poor implementation of the security policy within the companies. This research is important because it exposes the handicaps that companies have in terms of digital security. The expected result is to bring out existing flaws that are not taken seriously by IT staff and propose possible solutions to overcome these security risks.
Abstract: Cybersecurity is a global goal that is central to national security planning in many countries. One of the most active research fields is design of practices for the development of so-called highly secure software as a kind of protection and reduction of the risks from cyber threats. The use of a secure software product in a real environment enables the reduction of the vulnerability of the system as a whole. It would be logical to find the most optimal solution for the integration of secure coding in the classic SDLC (software development life cycle). This paper aims to suggest practices and tips that should be followed for secure coding, in order to avoid cost and time overruns because of untimely identification of security issues. It presents the implementation of secure coding practices in software development, and showcases several real-world scenarios from different phases of the SDLC, as well as mitigation strategies. The paper covers techniques for SQL injection mitigation, authentication management for staging environments, and access control verification using JSON Web Tokens.