Security Risk Assessment Model Research Articles

Modeling Cybersecurity Risk: The Integration of Decision Theory and Pivot Pairwise Relative Criteria Importance Assessment with Scale for Cybersecurity Threat Evaluation

This paper presents a comprehensive model for cyber security risk assessment using the PIPRECIA-S method within decision theory, which enables organizations to systematically identify, assess and prioritize key cyber threats. The study focuses on the evaluation of malware, ransomware, phishing and DDoS attacks, using criteria such as severity of impact, financial losses, ease of detection and prevention, impact on reputation and system recovery. This approach facilitates decision making, as it enables the flexible adaptation of the risk assessment to the specific needs of an organization. The PIPRECIA-S model has proven to be useful for identifying the most critical threats, with a special emphasis on ransomware and DDoS attacks, which represent the most significant risks to businesses. This model provides a framework for making informed and strategic decisions to reduce risk and strengthen cyber security, which are critical in a digital environment where threats become more and more sophisticated.

A Review of IoMT Security and Privacy related Frameworks

The Internet of Medical Things (IoMT) integrates smart connectivity with healthcare, improving services but imposing cybersecurity and privacy concerns. Frameworks (such as EMRI, SaYo-Pillow, HL7, FHIR, HIMSS) and regulations (such as EU MDR) are in existence but need regular reviewing for enhancement. A crucial requirement to ensure assuring the security and privacy of the IoMT ecosystem is acceptable, standardized frameworks with effective mechanisms, regulations, and policies. The paper reviews recent IoMT frameworks, architectures, standards, and regulations, analysing deployed and proposed systems with the aim of identifying research areas to improve the realm of IoMT security and privacy. The paper assesses security and data privacy in healthcare through case studies by comparing attributes and discussing benefits and limitations. The analysis extends to geographic scopes that adopt these frameworks. Furthermore, it explores emerging technologies (such as using blockchain) in securing IoMT within specific frameworks. IoMT ecosystems faces significant security and privacy challenges due to inherent complexities, leading to evolving cyber threats. The vulnerabilities expose medical devices and patient data, risking patient safety and scrutinizing reputations of healthcare institutions. Despite promising technologies, the lack of tailored security measures, guidelines, and policies, coupled with adoption barriers, contributes to these concerns. There is a crucial need to develop specific research, standards, and policies for ensuring cybersecurity and data privacy in the IoMT. Collaboration among healthcare, government, and technology stakeholders is essential to establish effective regulations and best practices. The vulnerability of the healthcare sector, attributed to legacy devices and disjointed data systems, emphasizes the necessity for robust security risk assessment models to address challenges imposed within the rapidly evolving IoMT.

Algorithm for community security risk assessment and influencing factors analysis by back propagation neural network

This paper aims to accurately assess and effectively manage various security risks in the community and overcome the challenges faced by traditional models in handling large amounts of features and high-dimensional data. Hence, this paper utilizes the back propagation neural network (BPNN) to optimize the security risk assessment model. A key challenge of researching community security risk assessment lies in accurately identifying and predicting a range of potential security threats. These threats may encompass natural disasters, public health crises, accidents, and social security issues. The intricate interplay of these risk factors, combined with the dynamic nature of community environments, presents difficulties for traditional risk assessment methodologies to address effectively. Initially, this paper delves into the factors influencing safety incidents within communities and establishes a comprehensive system of safety risk assessment indicators. Leveraging the adaptable and generalizable nature of the BPNN model, the paper proceeds to optimize the BPNN model, enhancing the security risk assessment model through this optimization. Subsequent comparison experiments with traditional models validate the rationality and effectiveness of the proposed model, with hidden layer nodes set at various levels like 10, 15, 20, 25, 30, and 35. These traditional models include Convolutional Neural Network (CNN), Long Short-Term Memory Network (LSTM), Bidirectional Encoder Representations from Transformers (BERT), Generative Pre-trained Transformer (GPT), and eXtreme Gradient Boosting (XGBOOST). Experimental findings demonstrate that with 20 hidden layer nodes, the optimized model achieves a remarkable final recognition accuracy of 99.1 %. Moreover, the optimized model exhibits significantly lower final function loss compared to models with different node numbers. Increasing the number of hidden layer nodes may diminish the optimized model's fit and accuracy. Comparison with traditional models reveals that the average accuracy of the optimized model in community risk identification reaches 98.5 %, with a maximum accuracy of 99.6 %. This marks an improvement of 9%–11 % in recognition accuracy across various risk factors compared to traditional models. Regarding system response time and resource utilization, the optimized model exhibits a response time ranging from 100 ms to 120 ms and consistently lower resource utilization rates across all scenarios, underscoring its efficiency in community security risk assessment. In conclusion, this experiment sheds light on the underlying mechanisms and patterns of community safety risk formation, offering novel perspectives and methodologies for researching community safety risk assessment. The paper concludes by presenting recommendations and strategies for addressing community safety risks based on experimental analysis.

Construction of power network security risk assessment model based on LSA-SVM algorithm in the background of smart grid

Due to theintricate and interdependent nature of the smart grid, it has encountered an increasing number of security threats in recent years. Currently, conventional security measures such as firewalls, intrusion detection, and malicious detection technologies offer specific protection based on their unique perspectives. However, as the types and concealment of attacksincrease, these measures struggle to detect them promptly and respond accordingly. In order to meet the social demand for the accuracy and computation speed of the power network security risk evaluation model, the study develops a fusion power network security risk evaluation algorithm by fusing the flash search algorithm with the support vector machine. This algorithm is then used as the foundation for building an improved power network security risk evaluation model based on the fusion algorithm.The study's improved algorithm's accuracy is 96.2%, which is higher than the accuracy of the other comparative algorithms; its error rate is 3.8%, which is lower than the error rate of the other comparative algorithms; and its loss function curve convergence is quicker than that of the other algorithms.The risk evaluation model's accuracy is 97.8%, which is higher than the accuracy of other comparative models; the error rate is 1.9%, which is lower than the error rate of other comparative models; the computing time of the improved power network security risk evaluation model is 4.4 s, which is lower than the computing time of other comparative models; and its expert score is high. These findings are supported by empirical analysis of the improved power network security risk evaluation model proposed in the study. According to the study's findings, the fusion algorithm and the upgraded power network security risk evaluation model outperform other approaches in terms of accuracy and processing speed. This allows the study's maintenance staff to better meet the needs of the community by assisting them in identifying potential security hazards early on and taking the necessary preventative and remedial action to ensure the power system's continued safe operation.

Assessing supply security risk of renewable‐dominated power system via entropy‐based analytic hierarchy method

AbstractAmid escalating geopolitical conflicts and extreme weather, the transformation to a renewable‐dominated power system faces increasing supply security risks. The current literature lacks comprehensive multidimensional assessment index systems to quantify these risks. This paper first identifies the key factors influencing supply security in renewable‐dominated power system. Subsequently, it constructs a supply security risk assessment model based on a comprehensive evaluation method combining the analytic hierarchy process method and the entropy weight method. The effectiveness of the approach is then evaluated through simulations of supply security risks across 11 provinces, including Inner Mongolia and Sichuan. Finally, the analysis of supply security risks in the Sichuan power system is conducted at different stages, focusing on changes in supply security risk levels and risk transmission mechanisms during Sichuan power crunch events in 2022. The results show that during Sichuan's 2022 high‐temperature power rationing event, the comprehensive supply security risk score of the Sichuan power system dropped from 88.7 to 76.91. This decline was mainly due to a significant reduction in hydropower output, which lowered scores of the source‐side risk and consequently increased the system's supply security risk.

Side-Channel Attack Security Risk Assessment Model Based on Mutual Information Game

The process of attack and defence of side channel attack can be regarded as the process of mutual information game, the two sides of the game are the cryptographic device designer (defence) and the enemy. The game goal of the defender is to reduce the local and global risks caused by side channel leakage by formulating relevant defence strategies; For the enemy, the goal of the game is just the opposite. From the perspective of making security strategy and reducing security risk, the mutual information game theory is introduced into the decision-making process of crypto chip designers (defenders) and enemies, and the influence of the choice of offensive and defensive strategy on security risk is investigated.

Improving Risk Assessment Model for Cyber Security Using Robust Aggregation Operators for Bipolar Complex Fuzzy Soft Inference Systems

Improving a risk assessment technique for the problem of cyber security is required to modify the technique’s capability to identify, evaluate, assess, and mitigate potential cyber threats and ambiguities. The major theme of this paper is to find the best strategy to improve and refine the cyber security risk assessment model. For this, we compute some operational laws for bipolar complex fuzzy soft (BCFS) sets and then propose the BCFS weighted averaging (BCFSWA) operator, BCFS ordered weighted averaging (BCFSOWA) operator, BCFS weighted geometric (BCFSWG) operator, and BCFS ordered weighted geometric (BCFSOWG) operator. Furthermore, we give their properties, such as idempotency, monotonicity, and boundedness. Additionally, we improve the risk assessment technique for the cyber security model based on the proposed operators. We illustrate the technique of multi-attribute decision-making (MADM) problems for the derived operators based on BCFS information. Finally, we compare our ranking results with those of some existing operators for evaluating and addressing the supremacy, validity, and efficiency of these operators under BCFS information.

Hierarchical-Based Dynamic Scenario-Adaptive Risk Assessment for Power Data Lifecycle

In an era marked by rapid advancements in information technology, the task of risk assessment for data security within the complex infrastructure of the power grid has become increasingly vital. This paper introduces a novel methodology for dynamic, scenario-adaptive risk assessment, specifically designed to address the entire lifecycle of power data. Integrating hierarchical analysis with fuzzy comprehensive evaluation, our approach provides a flexible and robust framework for assessing and managing risks in various scenarios. This method enables the generation of adaptive weight matrices and precise risk level determinations, ensuring a detailed and responsive analysis of data security at each lifecycle stage. In our study, we applied predictive analytics and anomaly detection to conduct a thorough examination of diverse data scenarios within the power grid, aiming to proactively identify and mitigate potential security threats. The results of this research demonstrate a significant enhancement in the effectiveness of risk detection and management, leading to improved data protection and operational efficiency. This study contributes a scalable, adaptable model for data security risk assessment, meeting the challenges of big data and complex information systems in the power sector.

Educational Sovereignty and Cultural Security in International Exchange of Higher Education in the Information Age

Abstract With the development of the information age, international teaching cooperation and exchanges have become increasingly frequent, and educational sovereignty and cultural security in higher education international exchanges have gradually become the focus of attention. This paper constructs a multiple regression model of educational sovereignty related to international exchanges, and designs a cultural security risk assessment model in international exchanges by combining fault tree and Bayesian network to prevent cultural invasion. Empirical Analysis is carried out on this basis to explore the factors and preventive measures affecting educational sovereignty and cultural security in higher education international exchanges. In the regression results, the standard regression coefficient of national comprehensive strength is the highest at 0.272, in which the significance of intellectual property rights, educational legislation, educational administration, state authority and national total strength are all less than 0.001. The accuracy rate is more than 90% for identifying cultural security risks. In the research of this paper, the cultural security risk problems can be effectively identified, and the cultural security problems in the international exchange of university education can be improved with practical guarantee.

Unleashing the Power of Big Data: Designing a Robust Business Intelligence Framework for E-commerce Data Analytics

E-commerce companies are struggling to make use of the enormous amounts of data collected from diverse sources in the big data era. Designing and implementing a strong business intelligence (BI) framework that makes use of big data analytics is essential to overcoming this difficulty. The study examines how cloud computing affects mobile e-commerce, stressing its benefits for real-time data processing, scalability, and analysis. which boosts the competitiveness of Chinese e-commerce businesses. This study's goal is to deploy a comprehensive BI platform designed especially for e-commerce research to unleash the power of big data. Furthermore, the deployment of precision marketing techniques based on the RFM model and historical data analysis increases client segmentation, leading to targeted marketing efforts, greater customer happiness, and higher conversion rates. The major goal of this research is to equip e-commerce companies with the tools they need to take advantage of big data's potential and make decisions that will give them a competitive edge. Data storage, retrieval, and data mining are made possible by the integration of big data technologies, such as relational and distributed databases, along with parallelization via MapReduce. Ordinary, the findings of this newsletter spotlight the importance of embracing massive information technologies and methodologies in the e-trade sector. Leveraging cloud computing, records mining, and enterprise intelligence strategies can free up the capability of tremendous records assets, permitting enterprises to make informed choices, drive innovation, and gain a competitive facet. The paper highlights the value of security safeguards and risk assessment models in e-commerce systems, offering suggestions for spotting and reducing potential dangers and preserving the integrity of the system.

Security risk assessment of projects in high-risk areas based on attack-defense game model

Assessing the security risk of projects in high-risk areas is particularly important. This paper develops a security risk assessment model for projects in high-risk areas based on the target loss probability model and Bayesian game model. This model is modeled from the perspective of attack-defense confrontation and addresses the issue that traditional risk assessment focuses on the analysis of the attacker yet neglects to analyze the defender—the defender’s optimum defensive information is not quantitatively determined. The risk level, optimum defensive resource value, and optimum defensive strategy of the project are determined through the analysis of a project in the high-risk area. This enables the project’s risk manager to adjust the defensive resources reasonably and optimally, confirming the objectivity and feasibility of the model and offering a new benchmark for security risk assessment, which has significant practical implications.

Comparative Study of Information Security Risk Assessment Model

Comparative Study of Information Security Risk Assessment Model

Establishment and Countermeasures of Smart City Security Risk Assessment Model

Establishment and Countermeasures of Smart City Security Risk Assessment Model

Towards Development of a Security Risk Assessment Model for Saudi Arabian Business Environment Based on the ISO/IEC 27005 ISRM Standard

Towards Development of a Security Risk Assessment Model for Saudi Arabian Business Environment Based on the ISO/IEC 27005 ISRM Standard

Changing multi-scale spatiotemporal patterns in food security risk in China

Food security was not only an important cornerstone of China's national rejuvenation, but also a matter of achieving the UN's Sustainable Development Goals. The spatial explicit and multi-scale comparative study of China's food security risk pattern was insufficient. Therefore, this study explored the spatio-temporal evolution and scale differences of food security risk pattern in China at micro- (pixel: 1km × 1 km), meso- (county) and macro (provincial) scales by constructing Food Security Risk Assessment models and Food Security Indexes (FSI) that were applicable to various scales, and provided theoretical basis and data support for the country and governments at all levels to formulate food security guarantee strategies. The results showed that the food security risk is quite different on different sides of Ejina-Longhai Line in 2018 at micro-scale. The food security situation in the area east of the Ejina-Longhai Line was generally good, while the area west of the Ejina-Longhai Line had higher food security risks. From 1990 to 2018, China's food security risks were spatially positively correlated and have significant global spatial agglomeration characteristics. In 1990, 2000 and 2018, the local spatial autocorrelation of food security risk at micro- and meso-level was similar. In the last decade of the 20th century, the food security situation in China showed a deteriorating trend due to the difference in the growth rate of total grain output and total population. Since the beginning of the 21st century, rapid increase in grain yields significantly reduced food security risks in China. The changes in food security index at micro- and meso-scales had a high similarity, however, the evaluation results at the meso-scale would underestimate the national food security risks. In addition, the larger the range (scale) of the evaluation unit, the more drastic the temporal variation in food security index, that is, the lower the stability. Scale differences and lower stability lead to evaluation results at the macro-scale that underestimate food security risks in the year of good harvest and overestimate food security risks in the year of poor harvest.

Identification of Risk Factors Using ANFIS-Based Security Risk Assessment Model for SDLC Phases

In the field of software development, the efficient prioritizing of software risks was essential and play significant roles. However, finding a viable solution to this issue is a difficult challenge. The software developers have to adhere strictly to risk management practice because each phase of SDLC is faced with its individual type of risk rather than considering it as a general risk. Therefore, this study proposes an adaptive neuro-fuzzy inference system (ANFIS) for selection of appropriate risk factors in each stages of software development process. Existing studies viewed the SDLC’s Security risk assessment (SRA) as a single integrated process that did not offer a thorough SRA at each stage of the SDLC process, which resulted in unsecure software development. Hence, this study identify and validate the risk factors needed for assessing security risk at each phase of SDLC. For each phase, an SRA model based on an ANFIS was suggested, using the identified risk factors as inputs. For the logical representation of the fuzzification as an input and output variables of the SRA risk factors for the ANFIS-based model employing the triangular membership functions. The proposed model utilized two triangular membership functions to represent each risk factor’s label, while four membership functions were used to represent the labels of the target SRA value. Software developers chose the SRA risk factors that were pertinent in their situation from the proposed taxonomy for each level of the SDLC process as revealed by the results. As revealed from the study’s findings, knowledge of the identified risk factors may be valuable for evaluating the security risk throughout the SDLC process.

A Security Risk Assessment Method Based on Improved FTA-IAHP for Train Position System

The positioning system based on satellite navigation can meet the requirements of CTCS-4 train control, improve the transportation efficiency, reduce the operation and maintenance costs, which is the trend of train positioning system in the future, and the security risk assessment is of great significance to the future application of this system. In this paper, combined with the self-developed train positioning system based on satellite navigation, and an improved fault tree-interval analytic hierarchy process (FTA-IAHP) method for evaluating the safety risk of train positioning system is proposed. Firstly, a security risk assessment model based on FTA-IAHP is established by combining FTA and IAHP. Secondly, two judgment matrices are constructed by using the basic events and structural importance based on FTA, and the IAHP model based on expert scoring, the difference between FTA and IAHP is adjusted by combining the weighting factor. The new method of trial of weighting can determine the degree of each factor in the system fault. This method has great significance to the safety design and protection of the new train positioning system based on satellite navigation.

Computer network security evaluation method based on improved attack graph

ABSTRACT The traditional security detection and defense methods are relatively backward, and there are many problems, such as high false alarm and missed alarm rate, and detection lag, which have been difficult to meet the requirements of computer security defense. In order to strengthen the active defense of computer network security and improve the classification and prediction performance of computer network security events, a computer network security risk assessment model based on mrmr Ig feature selection model and attack graph model is proposed. The mrmr Ig feature selection model is used to classify the characteristics of security events, and the hidden Markov chain model and attack graph model are used to predict the attack intention. The experimental results show that the classification accuracy rate of the model is 99.79%, the false alarm rate and the false alarm rate are 0.11% and 0.18%, respectively. The model can accurately predict attacks in real time, and can provide reference for timely taking targeted computer network security reinforcement and active defense measures.

Computer Network Information System Security Prevention Methods under the Background of Big Data

With the rapid development of modern society, the administrative information content rapid growth of e-government information resource sharing becomes the key of the government departments for effective social management. The cloud technology Internet big data are widely used and popular, which enable information resources to be shared among government data and are both an opportunity and challenge for effective e-government information resource sharing. It is of great significance to enhance government credibility. Information security risk assessment is a comprehensive evaluation of the potential risk of an uncertain stochastic process, traditional evaluation methods are deterministic models, and it is difficult to measure the security risk of uncertainty. On the other hand, with the opening and complexity of information system business functions, the nonlinearity and complexity of evaluation calculation also increase. By studying the relatively mature assessment criteria and methods in the field of information security, this study analyzes the information security status of small Internet of Things system based on the characteristics of Internet of Things information security. Combining the latest research results of information entropy neural network and other fields with the original risk assessment methods, the improved AHP information security risk assessment model is verified by simulation examples.

Security Risk Level Prediction of Carbofuran Pesticide Residues in Chinese Vegetables Based on Deep Learning.

The supervision of security risk level of carbofuran pesticide residues can guarantee the food quality and security of residents effectively. In order to predict the potential key risk vegetables and regions, this paper constructs a security risk assessment model, combined with the k-means++ algorithm, to establish the risk security level. Then the evaluation index value of the security risk model is predicted to determine the security risk level based on the deep learning model. The model consists of a convolutional neural network (CNN) and a long short-term memory network (LSTM) optimized by an arithmetic optimization algorithm (AOA), namely, CNN-AOA-LSTM. In this paper, a comparative experiment is conducted on a small sample data set of independently constructed security risk assessment indicators. Experimental results show that the accuracy of the CNN-AOA-LSTM prediction model based on attention mechanism is 6.12% to 18.99% higher than several commonly used deep neural network models (gated recurrent unit, LSTM, and recurrent neural networks). The prediction model proposed in this paper provides scientific reference to establish the priority order of supervision, and provides forward-looking supervision for the government.