Information Security Risk Research Articles

Research on Information Security of Communication Network between Electric Vehicle and Charge Point

In view of the information security issues in the communication network between electric vehicles and charging piles, this study analyzes the information security risks existing in the communication network between electric vehicles and charging piles, expounds the charging process between electric vehicles and charging piles, and assesses the risks existing in the charging piles.

FRAMB: A man-machine cooperation risk assessment method for intelligent network information systems

The intelligent network information systems, such as smart grid systems, face many security problems in the aspects of sensing, communication and computing. Information security risk assessment is an important way to assess the threats faced by information systems before risk events occur and ensure the security of assets. However, a comprehensive risk assessment of the system is a very resource-consuming process. Many existing risk assessment methods rely on a large number of experts and computing resources. Their assessment results are vulnerable to the differences in experts’ subjective judgments. Therefore, we propose FRAMB, a novel man-machine collaborative risk assessment method based on fitting upper and lower bounds. Firstly, we present a risk assessment criterion including four categories and sixteen risk factors following the ISO/IEC 27005:2018 standard. On this basis, we present the DFAHP and CM-NN assessment models to obtain the upper and lower bounds of the risk assessment value, which provides a reference for expert assessment. FRAMB integrates the experts’ assessment value and the values of upper and lower bounds, and adjusts the weights of these values to give the final risk assessment value. We introduce the risk assessment process of FRAMB in detail through a case study of the smart grid system risk assessment. We evaluate the effectiveness and accuracy of FRAMB through experiments. The experimental results show that FRAMB can effectively and accurately assess the security risks of the intelligent network information systems.

ВЫЯВЛЕНИЕ ПРОБЛЕМ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ МЕТОДОМ СИСТЕМАТИЧЕСКОГО ОБЗОРА ЛИТЕРАТУРЫ

The field of information security covers a wide range of technical, organizational and social aspects, requiring information security specialists to take a unique and comprehensive approach to the development, support, operation, evaluation and improvement of information security management systems. An important element of successful information protection is the accurate identification and assessment of risks and vulnerabilities that may become a source of threats. In existing publications, as a rule, it is assumed that specialists have the necessary experience and knowledge to conduct risk analysis. However, in the dynamic world of information technology and threats, an information security specialist faces a huge amount of information and potential risks that are constantly evolving. Because of this, it is an impossible task to keep in mind all kinds of threats to information security. 
 The purpose is to identify actual problems of information security, potentially acting as sources of information security risk, based on the method of systematic review of the literature. Results: 73 actual problems of information security have been identified, which an information security specialist should take into account in his activities. Understanding these issues makes it possible to develop more effective protection strategies, as well as to make informed and informed decisions when developing and applying security measures.

The intention of continual use of dockless bike sharing connecting with metro: A perspective based on loyal users

The aim of this study is to explore the factors influencing the intention to continually use dockless bike sharing connecting with metro in the context of various new convenient modes of transportation. Firstly, based on the questionnaires collected in Nanjing, China, basic attributes and travel characteristics of users who use dockless bike sharing to connect with the metro are compared and analyzed. Secondly, an ordered logit model is established to investigate the influencing factors of the continuous usage intention of the dockless bike sharing connecting with metro. The model results indicate that: (1) the increase in the monthly income and the education level has a restraining effect on the intention to continue using dockless bike sharing connecting with the metro, although this trend of reduced usage intention is less pronounced among users with higher education levels. (2) Travel duration and travel time also negatively affect the intention to continue using this mode. Interestingly, during peak hours on weekdays, users exhibit a higher willingness to use dockless bike sharing connecting with the metro. (3) Factors such as saving time, solving taxi availability issues, improving accessibility in remote areas, and users' environmental consciousness encourage the continued use of this travel mode. In contrast, high accessibility, network congestion, difficulties in finding parking lots, personal information security risks, high costs, imbalances in supply and demand during peak periods, traffic congestion, and bad weather discourage users to continuously use this mode. Finally, based on these findings, several policies and suggestions to promote the continuous use of dockless bike sharing connecting with the metro are proposed.

How Does the Internet Impact the Public’s Perception of Information Security Risk?

Clarifying the relationship between internet use and public information security risk perception helps us gain a better understanding of the factors influencing public risk perception. However, the relationship is still under-explored. This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey. It was found that whether to use the internet and the frequency of use are both significantly positively correlated with the perception of information security risk. On this basis, the mechanism by which internet use affects public information security risk perceptions is verified from the perspective of interpersonal trust. The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk. The findings of this study provide new insights for our further understanding of how internet use affects residents’ perceptions of security risk.

A Study on Contributing Factors of IT Outsourcing Satisfaction Financial Service Industry in Hong Kong

This paper aims to identify the critical success factors in Hong Kong Financial Service Industry IT outsourcing satisfaction and propose possible satisfaction rate boosts. A hybrid methodology (qualitative and quantitative) was adopted to analyze the variables and their relationship thoroughly. The six members focus group was formed to discuss IT outsourcing, and the survey was conducted to collect 447 valid responses for data analysis. The six critical success factors were Perceived Information Security Risk, Quality of Service Provider, Contract Management, Internal Contract Experience, Communication and Regulatory Policy, identified to support satisfaction of Hong Kong FSI IT outsourcing after conducting the analysis. Three recommendations are proposed to improve IT outsourcing satisfaction based on the findings of critical success factors: (1) A Build-up of Vendor Evaluation Framework, (2) Enhancement for Knowledge Management, and (3) Enhance Performance Monitoring. The snowball sampling method might have introduced biased information. In future research, a more extensive research scale would be required to understand the whole population, which would be more appropriate for the industry to understand the need and construct any policy. This paper is a holistic approach to identifying factors that affect Hong Kong FSI IT outsourcing satisfaction. In addition, practical recommendations were proposed to improve those factors, thereby increasing the satisfaction rate of IT outsourcing.

Research on Archival Data Management in Local Universities under the Context of Educational Informatization 2.0

This study aims to explore the theoretical and practical issues of archival data management in local universities under the context of Educational Informatization 2.0. Initially, the concept of Educational Informatization 2.0 and its impact on higher education are defined. Subsequently, the challenges and opportunities faced by local universities in archival data management are analyzed. Through literature review and theoretical analysis, the study identifies issues such as inadequate digitalization, information security risks, and non-standardized management processes in current local university archival data management, and proposes corresponding optimization strategies. The research methods include theoretical framework construction, literature analysis, comparative research, and logical reasoning. The research process follows a scientific design, ensuring systematicity and depth. The conclusion suggests that local universities should enhance digital transformation in archival data management, improve information security protection, optimize management processes, and introduce intelligent technologies to increase efficiency and quality in archival data management. This research provides theoretical support and practical guidance for archival data management in local universities under the context of Educational Informatization 2.0, contributing to the modernization of university archival management.

Investigating information security risk management in Yemeni banks: An CILOS-TOPSIS approach

In today's digital age, the banking sector faces increasing challenges in ensuring operational resilience, protecting customer assets, and maintaining a competitive edge. Prioritizing information security risk management (ISRM) practices is crucial to effectively address these challenges. This paper aims to demonstrate the effectiveness of the multi-criteria decision-making (MCDM) method in evaluating and improving ISRM practices in Yemeni banks. The study employs an integrated CILOS-TOPSIS model, considering two criteria and five sub-criteria, with criteria weights determined using the CILOS method. The results highlight the significance of specific criteria in ISRM, with the existence of a comprehensive business continuity and disaster recovery plan (C2.1) standing out as a top priority (weight: 0.266). Additionally, the frequency of data backups and the presence of an active backup policy (C2.2) and the adequacy of physical security measures (C1.1) are identified as crucial factors (weights: 0.228 and 0.203, respectively). Furthermore, the TOPSIS method is employed to rank 13 banks based on these criteria, revealing the top-performing banks as B10, B4, B13, B1, and B12. Conversely, the 7th, 5th, and 6th ranked banks require attention for improvement. The paper provides comprehensive details on criteria weighting, bank ranking, and recommendations for enhancements. The findings presented in this paper offer valuable insights to decision-makers in the banking sector, enabling them to effectively guide their efforts and allocate resources to areas, controls, and banks that require greater attention.

SECURITY AND PROTECTION OF EDUCATIONAL LMC SYSTEMS

Information technologies play a significant role in the educational process and ensuring quality learning outcomes in the context of distance education. A modern trend is the development of interactive systems, which include elements of audio and video materials, graphics, presentations, internet links, materials from various sources, and in different formats. The addition of interactive content to educational systems increases the risks of information security in modern LMC systems. Emphasis is placed on the need to ensure the protection of software in systems, educational content hosted within them, learning outcomes, and participants' personal data. When building protection, attention should be paid to potential threats such as unauthorized access, flawed software, poor plugin updates, material copying, fraud, and cyber-attacks. Vulnerabilities of the most widespread modern LMC systems are analyzed. Attention is given to the possibilities of using cloud technologies to host system modules, educational materials, or learning outcomes on cloud services. Cloud application guarantees constant access to the learning system, reliable storage of materials, additional protection of confidential and personal information. Therefore, to ensure effective and safe learning considering modern interactive approaches to presenting educational materials, it is important to develop systems and implement technologies that provide constant access to educational content, reliable data protection (including personal data), information integrity, and compliance with confidentiality principles.

Оценка рисков информационной безопасности в отраслевой информационной системе на основе теории нечетких множеств и искусственной нейронной сети

Information security risk assessment is a crucial component of industrial management techniques that aids in identifying, quantifying, and evaluating risks in comparison to criteria for risk acceptance and organizationally pertinent objectives. Due to its capacity to combine several parameters to determine an overall risk, the traditional fuzzy-rule-based risk assessment technique has been used in numerous industries. The technique has a drawback because it is used in situations where there are several parameters that need to be evaluated, and each parameter is expressed by a different set of linguistic phrases. In this paper, fuzzy set theory and an artificial neural network (ANN) risk prediction model that can solve the issue at hand are provided. Also developed is an algorithm that may change the risk-related factors and the overall risk level from a fuzzy property to a crisp-valued attribute is developed. The system was trained by using twelve samples representing 70%, 15%, and 15% of the dataset for training, testing, and validation, respectively. In addition, a stepwise regression model has also been designed, and its results are compared with the results of ANN. In terms of overall efficiency, the ANN model (R2= 0.99981, RMSE=0.00288, and MSE=0.00001,) performed better, though both models are satisfactory enough. It is concluded that a risk-predicting ANN model can produce accurate results as long as the training data accounts for all conceivable conditions.

Некоторые вопросы управления рисками реализации угроз безопасности информации

The article proposes an approach to assessing the risks of information security of automated technological process control systems, state information systems, municipal information systems, personal data information systems and critical information infrastructure facilities based on the requirements of the legislation of the Russian Federation in the field of protection of these types of information systems, the draft of State Standard R ISO/IEC 27005, planned to be adopted in the near future, and standards for risk assessment within the framework of processes in the life cycle State Standards 59329-59357 published in 2021. These standards are based on State Standard R 57193-2016, which describes the life cycle processes of human-made systems. The problem of processing residual risk in relation to unacceptable risks was considered, after the analysis of which another principle of safety management was proposed. A methodology for assessing confidence in the risk management system was obtained, with the help of which it is necessary to build a risk management system at the objects of critical information infrastructure.

The advantage of artificial intelligence application in financial risk assessment and management

The increasing perfection of artificial intelligence technology has brought subversive changes to the field of financial risk management. The application of artificial models such as neural networks, support vector machines, and mixed intelligence in financial risk management can improve the speed of data processing, provide deep insight into data analysis, reduce human labour costs, and hence improve the efficiency of financial risk control. Meanwhile, the increasing amount of data and the application of AI also bring new challenges to financial risk management, such as the risk of program error and information security. This paper introduces in detail the application status of three models, including Support Vector Machine, Support Vector Machine, and Large Language Model in risk management Based on this, this paper analyses the advantages of AI applications in promoting and reforming the financial industry. The goal is to provide an in-depth examination of present implementations and their respective benefits, as well as to investigate potential future advances in this sector.

ЭФФЕКТИВНОСТЬ АВТОМАТИЗИРОВАННОГО УПРАВЛЕНИЯ ТРАНСПОРТНЫМИ СРЕДСТВАМИ В ТРАМВАЙНЫХ СИСТЕМАХ

The intellectualization of water transport is accompanied by an expansion of the landscape of threats to transport security, caused by the characteristics and weaknesses of the technologies being introduced, which are the convergence of information and telecommunication technologies, automated and automatic control technologies and artificial intelligence. The peculiarity of these technologies is working with large volumes of information. Violation of the security of information processed in intelligent systems of water transport (illegal access, modification, deletion and similar unauthorized influence) causes a violation of transport security and, as a consequence, the security of critical information infrastructure and the country’s critical infrastructure, national security. Convergent technologies used in intelligent transport systems are characterized by multiple and poorly formalized manifestations of the consequences of threats. The article presents a model for assessing the risks of information security of intelligent water transport systems, based on the methods of the theory of fuzzy sets and fuzzy logic, the use of which makes it possible to take into account the above-mentioned features of the technologies being implemented. The hierarchical structure of the model and the use of fuzzy set theory and fuzzy logic methods make it possible to adapt the model to various risk criteria, types of input data and the level of detail of risk analysis. For the presented model, a methodology for assessing information security risks has been developed and an example of risk calculation is given. The developed model and methodology are intended to build an information security risk management system for autonomous shipping, implementing technologies of hybrid (augmented, extended) intelligence, providing for the use of artificial intelligence controlled by people.

НЕЧЕТКАЯ СИСТЕМА ОЦЕНКИ РИСКОВ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ИНТЕЛЛЕКТУАЛЬНЫХ СИСТЕМ ВОДНОГО ТРАНСПОРТА

The intellectualization of water transport is accompanied by an expansion of the landscape of threats to transport security, caused by the characteristics and weaknesses of the technologies being introduced, which are the convergence of information and telecommunication technologies, automated and automatic control technologies and artificial intelligence. The peculiarity of these technologies is working with large volumes of information. Violation of the security of information processed in intelligent systems of water transport (illegal access, modification, deletion and similar unauthorized influence) causes a violation of transport security and, as a consequence, the security of critical information infrastructure and the country’s critical infrastructure, national security. Convergent technologies used in intelligent transport systems are characterized by multiple and poorly formalized manifestations of the consequences of threats. The article presents a model for assessing the risks of information security of intelligent water transport systems, based on the methods of the theory of fuzzy sets and fuzzy logic, the use of which makes it possible to take into account the above-mentioned features of the technologies being implemented. The hierarchical structure of the model and the use of fuzzy set theory and fuzzy logic methods make it possible to adapt the model to various risk criteria, types of input data and the level of detail of risk analysis. For the presented model, a methodology for assessing information security risks has been developed and an example of risk calculation is given. The developed model and methodology are intended to build an information security risk management system for autonomous shipping, implementing technologies of hybrid (augmented, extended) intelligence, providing for the use of artificial intelligence controlled by people.

Information Security Risk Measurement Using Information Security Index (KAMI) at Information Technology And Database Center (PTIPD)

UIN Sunan Gunung Djati Bandung, as a rapidly growing higher education institution, faces great challenges in ensuring information security. This research aims to improve information security at UIN Sunan Gunung Djati Bandung by applying the Information Security Index (KAMI). This method is used to analyze information security risks with the aim of identifying potential threats, vulnerabilities, and possible impacts. The results of the analysis revealed that there are security measures already in place, but also highlighted areas that require further attention. By achieving a final score of 415, signifying category II (Basic Framework Fulfillment), this research made a significant contribution to the understanding of information security in higher education. Through the application of WE, this research not only provides a comprehensive overview of the status of information security at UIN Sunan Gunung Djati Bandung, but also opens up opportunities to identify and address potential threats more effectively. Thus, the results of this study have important implications in improving information security and protection in higher education institutions, and can be a valuable guide for similar institutions in their efforts to mitigate information security risks.

Internet Financial Information Security Risk and Prevention in the Age of Artificial Intelligence

With the progress and development of science and technology, artificial intelligence technology and its convenient, fast, and efficient performance characteristics have been widely applied in various fields, which has brought great changes to the financial industry and unprecedented breakthroughs and development. Although artificial intelligence brings huge development opportunities for the Internet financial industry, it also brings some potential risks and challenges, causing Internet financial information to face severe security risks. How to use artificial intelligence technology to effectively prevent and control financial information security risks is a major problem facing the financial industry. This paper analyzes the security risks of Internet financial information in the era of artificial intelligence and puts forward relevant preventive measures to effectively deal with various security risks, ensure the information security management of financial cloud platforms, and promote the healthy and stable development of the financial industry.

Development of a mechanism for information security risk management of transport service provision systems

The object of the study is the process of analysis, assessment, and management of information security risks in transport service provision systems. The problem of applying the information security risk management approach in the activities of transport business entities was investigated. As a result of the application of effective forms, methods, and means of information security risk management based on international standards, a risk management mechanism was developed. The risk assessment process of transport systems has been systematized. This allows business entities in the transport sector to determine ways to prevent and counter information threats and challenges in their activities, both when designing and operating systems for providing transport services. Verification of the devised methodical approach to information security risk management was carried out on an example of the taxi company «Taxifay N». Threats and challenges of the company’s information system were evaluated by an expert method. Based on the results of the analysis of expert risk assessment, it was found that the concordance coefficient (0.86) confirms the high level of agreement of experts’ opinions. As a result, the company’s information security risk management program was developed. The effectiveness of the program was assessed by the efficiency ratio, which was 0.64. This testifies to the effectiveness of the implemented program of measures to manage information security risks. The scope of application may be the activity of business entities that provide transport services to the population, aimed at data storage and processing. The prospect of this study is to expand the list of threats and categories of vulnerabilities depending on the characteristics of the economic activity of various enterprises

Exploration of Legal Issues in the Judicial Practice of Smart Contracts

The process of smart contracts, from conceptualization to actual landing applications, is accompanied by the continuous development of blockchain technology. China attaches great importance to the application of blockchain technology represented by smart contracts in judicial practice, with the background of the construction of smart courts, relying on the construction of judicial blockchain, according to the unique automated execution characteristics of smart contracts, the mediation and execution of civil disputes filed as an entry point, to explore the high-quality development of the judicial trial and execution business. In the current judicial practice, smart contracts face a lack of legal norms, technical construction loopholes, and information security risks. To guarantee the reasonable and compliant stable operation of smart contracts within the legal framework, it is necessary to clarify the legal positioning of smart contracts, strengthen the construction of the rule system for the judicial application of smart contracts, introduce the ODR to broaden the rights' relief channels, and at the same time, encourage the participation of diversified subjects in the construction of the judicial blockchain, and establish the legalized review mechanism of smart contracts.

Modeling the Process of Evaluation of Information Security Risks and its Methodology by the Application of Computer Systems

The main aim of the article is to study modeling the process of evaluation of information security risks by the application of computer systems. Thus, information security risk assessment and analysis of existing methods of information security risk assessment had been also studied in the article. The term "risk of information security" (IS) applies to the damage that can attack the information technology systems. IS risk is a wide range of potential threats, especially includes data violations, control measures, financial costs, reputation damage, etc. cover issues such as. IS risks include the failure of hardware and software, human errors, spams, viruses and harmful attacks, as well as natural disasters such as fires, cyclones or floods. Security risk assessment determines, assesses and implements key security controls in applications. It also focuses on prevention of software security defects and vulnerabilities. Information security risk is the potential probability of using vulnerabilities of an asset or group of assets as a specific threat to damage the organization.

Operational Risk Management in Banks: A Bibliometric Analysis and Opportunities for Future Research

The last few years have witnessed tremendous challenges in the management of operational risks faced by banks and the emergence of newer risks. The working models for bank staff are now different; additionally, there has been a massive increase in the digitization level. All these aspects make operational risk management in banks an attractive field of study. There is a need to perform systematic bibliometric analysis in this research area, providing the various trends and highlighting areas for further research analysis. This research paper has examined the various aspects of operational risk management in Banks by performing a thorough bibliometric analysis of 676 articles extracted from two data databases, i.e., Scopus and Web of Science, from 2010 until March 2023. These were analyzed using the tools Biblioshiny and VOSviewer. Various bibliometric techniques like analysis of trends, citations, contributing authors, keywords, and bibliographic coupling have been performed. This research paper has significant theoretical and practical implications which can assist future researchers. Operational risks are ever-dynamic, and five themes, i.e., climate risk, information security risks, geopolitical risks, third-party risks and compliance risks, have been identified in this research paper as key focus areas for conducting research in the future. The findings of this study and suggestions for future research will be useful to academicians, policymakers, and operational risk management professionals for identifying potential areas of collaboration in the future to strengthen the operational risk management framework.