People are suffering from a range of risks in the ubiquitous networks of the current world, such as rumours spreading in social networks, computer viruses propagating throughout the Internet and unexpected failures happening in smart grids. We usually monitor only a few users for detecting various risks due to resource constraints and privacy protection. This leads to a critical problem to detect compromised...
Cloud computing has the benefit of offering scalability and efficiency, as well as cost-effectiveness. However, the existence of security breaches exacerbates the reluctance of potential users to host their sensitive data and services on the cloud. Indeed, the intrinsic characteristics of cloud infrastructures prevent the use of traditional security policy engineering frameworks. The dynamic context...
The Internet of Things (IoT) is being deployed for a plethora of use-case scenarios. In any deployment, a number of configuration choices are available that achieve the mission goal. However, IoT security incidents have demonstrated that different configurations are vulnerable to varied risk levels. We propose the IoTRiskAnalyzer framework to formally and quantitatively analyze these risks using probabilistic...
Safety and security have been an increasing concern in container shipping over the past few decades. Risks are generally categorized by three major risk categories, namely, risks associated with information flow, risks associated with physical flow, and risks associated with payment flow. In this paper we use Le Havre port as a case study aiming to provide some insight into the management of safety...
Cloud Adoption Risk Assessment Model is designed for cloud customers to assess the risks that they face by selecting a specific cloud service provider. It is an expert system to evaluate various background information obtained from cloud customers, cloud service providers and other public external sources, and to analyze various risk scenarios. This would facilitate cloud customers in making informed...
This survey paper provides an overview of the state of the art models applied to different domains, from software security to networks and communication, and establishes the link between quantitative risk management and adaptive security models. The present paper provides a detailed and comparative state of the art of the quantitative approaches to ICT risk management, as well as the mathematical...
In the electronic commerce area, the network intrusion happens frequently, and the risk assessment model of network intrusion for the electronic commerce is researched. Currently, the complexity of electronic commerce network intrusion is increasing day by day, and all kinds of potential relevance factors are becoming more and more complicated. The traditional methods access the security of network...
This paper addresses the potential of mathematical modelling in support of the classical security risk assessment and treatment approach. Classical security risk assessment and control selection is strongly based on expert judgment. Within the context of large scale system implementation in air traffic management, there is only a limited availability of resources during the system engineering phase...
Earlier work describes computational models of critical infrastructure that allow an analyst to estimate the security of a system in terms of the impact of loss per stakeholder resulting from security breakdowns. Here, we consider how to identify, monitor and estimate risk impact and probability for different smart grid stakeholders. Our constructive method leverages currently available standards...
This article introduces a taxonomy of security risk assessment approaches. The taxonomy is based on the challenges in the information system security (IS-Security) risk assessment discipline. Traditionally, classification schemes for IS-Security risk assessment approaches are motivated by business needs. They aim at offering management an effective tool for selecting methods that meet their needs...
Voice over IP services have undergone a large-scale deployment thanks to the development of high-speed broadband access and the standardization of dedicated signaling protocols. They offer new opportunities, in particular in the context of peer-to-peer networks. However they are exposed to multiple security attacks due to a lower confinement in comparison to traditional networks. Protection mechanisms...
This paper analyses the effect of the environmental metrics on the CVSS v2, and it shows that the environmental metrics impact the CVSS base score values in more ways than can be gleaned from the CVSS calculator provided by the NVD. This paper also unveils unexpected anomalies of "negative" calculated results of the Overall CVSS score when the base score is subjected to the environmental...
We present a model for keeping track of vulnerabilities in a networked computing system and study the tradeoff between risk mitigation and keeping disruption at an acceptable level. The tradeoff is such that one can either choose to perform maintenance of the computing system very frequently and experience low risk, or disrupt the system with less frequency, but bear more risk. Formally, we suppose...
China's Growth Enterprise Market has just started; because of the characteristics of the market itself, its risk is much higher than that of ordinary securities investment markets. The risk of China's Growth Enterprise Market can be reflected in many aspects, one of which from the investors is mainly caused by the excess of retail investors. To change this situation, this article, based on the principle...
Recently, risk assessment has been considered as an essential technique in evaluating the security of network information systems. Many proposals have been made in this area in order to provide new approaches to allow administrators and engineers to analyze the impact of any attack that could target their systems. Nevertheless, there is a lack of quantitative techniques and methods which take into...
Subject matter expert assessments can include both assignment and linguistic uncertainty. This paper examines assessments containing linguistic uncertainty associated with a qualitative description of a specific state of interest and the assignment uncertainty associated with assigning the state to a particular qualitative value. A Bayesian approach is examined to simultaneously quantify both assignment...
We present a computationally efficient simulation procedure for point estimation of expected shortfall. The procedure applies tools for ranking and selection to allocate more computational resources to estimation of the largest losses, which are those that affect expected shortfall. Given a fixed computational budget, our procedure estimates expected shortfall with a much lower mean squared error...
With the rapid development of information technology revolution, technological innovation has brought increasing benefit to financial enterprises in China. However, the strategic priority and intense competition of technological innovation in China's financial business, as well as the uncertainty and dynamic of their development process, determine the high risk of technological innovation in China'...
A new index system of commercial bank liquidity stress testing is set up after cluster analysis of R type. And then the index weight is determined by entropy method. Commercial bank liquidity risk is rated. Taking 14 listed banks for example, rating liquidity risk. The innovative feature of this paper: Firstly, observable indices replace unobservable ones, it is feasible for banks to ensure liquidity...
Telephony over IP is exposed to multiple security threats. Conventional protection mechanisms do not fit into the highly dynamic, open and large-scale settings of VoIP infrastructures, and may significantly impact on the performance of such a critical service. We propose in this paper a runtime risk management strategy based on anomaly detection techniques for continuously adapting the VoIP service...