Security Risk Assessment Research Articles

Calculation and Comparative Analysis of Common Fault Scores for Secure Computers Based on Embedded Neural Networks

With the rapid development of computer networks and information technology, government departments, financial institutions, and enterprises are increasingly dependent on software, and software security issues have become a focus of attention. In this context, how to effectively evaluate the security of software has become an important issue for research institutions both domestically and internationally. On the basis of exploring software definition, this paper not only analyzes the security and potential threats of software in computer networks, but also introduces Embedded Neural Networks (ENNs) as an evaluation tool, and combines Fuzzy Analytic Hierarchy Process (FAHP) to deeply explore a new method for software security risk assessment. By utilizing the powerful pattern recognition capability of ENNs, software logs, system call sequences, and other data can be classified and analyzed to distinguish between normal and abnormal behavior. This ability is crucial for identifying security incidents such as malicious software and unauthorized access. ENNs are designed with resource constraints in mind, which can reduce energy consumption while ensuring performance. For software systems that require long-term operation, this means higher security and stability. Practice has proven that combining ENNs with FAHP can more scientifically and effectively evaluate software security. This method not only improves the accuracy and efficiency of evaluation, but also provides a more solid theoretical foundation and technical support for software security protection.

Development of a Flexible Information Security Risk Model Using Machine Learning Methods and Ontologies

This paper presents a significant advancement in information security risk assessment by introducing a flexible and comprehensive model. The research integrates established standards, expert knowledge, machine learning, and ontological modeling to create a multifaceted approach for understanding and managing information security risks. The combination of standards and expert insights forms a robust foundation, ensuring a holistic grasp of the intricate risk landscape. The use of cluster analysis, specifically applying k-means on information security standards, expands the data-driven approach, uncovering patterns not discernible through traditional methods. The integration of machine learning algorithms in the creation of information security risk dendrogram demonstrates effective computational techniques for enhanced risk discovery. The introduction of a heat map as a visualization tool adds innovation, facilitating an intuitive understanding of risk interconnections and prioritization for decision makers. Additionally, a thesaurus optimizes risk descriptions, ensuring comprehensiveness and relevance despite evolving terminologies in the dynamic field of information security. The development of an ontological model for structured risk classification is a significant stride forward, offering an effective means of categorizing information security risks based on ontological relationships. These collective innovations enhance understanding and management of information security risks, paving the way for more effective approaches in the ever-evolving technological landscape.

Modeling Cybersecurity Risk: The Integration of Decision Theory and Pivot Pairwise Relative Criteria Importance Assessment with Scale for Cybersecurity Threat Evaluation

This paper presents a comprehensive model for cyber security risk assessment using the PIPRECIA-S method within decision theory, which enables organizations to systematically identify, assess and prioritize key cyber threats. The study focuses on the evaluation of malware, ransomware, phishing and DDoS attacks, using criteria such as severity of impact, financial losses, ease of detection and prevention, impact on reputation and system recovery. This approach facilitates decision making, as it enables the flexible adaptation of the risk assessment to the specific needs of an organization. The PIPRECIA-S model has proven to be useful for identifying the most critical threats, with a special emphasis on ransomware and DDoS attacks, which represent the most significant risks to businesses. This model provides a framework for making informed and strategic decisions to reduce risk and strengthen cyber security, which are critical in a digital environment where threats become more and more sophisticated.

A Comprehensive Security Risk Assesment Framework SRAF_IoV for Internet of Vehicles.

The advancement in digital world have led to the development of smart vehicles that connect to the Internet of Vehicles (IoV) Infrastructure. These smart vehicle also connects and communicate with other vehicles, and their connected components. Once connected, they can share information such as speed, direction, and distance between vehicles.IoV enhances traffic infrastructure by reducing congestion and incidents, ultimately improving road safety within highways and metropolitan cities. However, when smart vehicles use IoV to share data through vehicle-to-vehicle (V2V), Vehicle to Infrastructure (V2I), and Vehicle to everything (V2X) they also introduce security risks and vulnerabilities to the IoV Infrastructure. Malicious actors can exploit these vulnerabilities to alter data within the connected units of IoV infrastructure, such as electronic control units, onboard units, control networks, and sensors. Securing data within the IoV ecosystem is crucial to prevent malicious activity that could compromise confidentiality, integrity, and availability. In this study, a security risk assessment framework for IoV (SRAF-IoV) has been developed to identify vulnerabilities within the IoV network. SRAF-IoV that assesses security risks in connected vehicles. It evaluates vulnerabilities and assigns a risk level based on different communication channels (V2V, V2I, and V2X). The proposed framework was tested against various cyber-attacks to determine risk levels associated with different attack types (low, medium, high, and critical). The performance of SRAF-IoV was then compared to existing frameworks. By comprehensively identifying potential risks, SRAF-IoV was then compared to existing frameworks. By comprehensively identifying potential risks, SRAF-IoV can push the smart vehicle industry to make critical security decisions during the development of smart vehicles.

Security Risk Assessment in Container Terminals: Empirical Evidence from Greece

Security Risk Assessment in Container Terminals: Empirical Evidence from Greece

Security risk assessment of submerged floating tunnel based on fault tree and multistate fuzzy Bayesian network

To assess the global security risks of the submerged floating tunnel (SFT) in marine environments during operation and provide a basis for risk control, a security risk assessment method using a multistate fuzzy Bayesian network (MFBN) considering complex disaster-inducing factors is proposed. A fault tree model of SFT security risk is established to analyze the causal relationships between global risk and influence factors such as structural components and environmental loads. For root nodes, fuzzy probabilities for each state are obtained through expert knowledge. An improved similarity aggregation method is proposed to integrate expert opinions, mitigating the impact of significant option discrepancies. For non-root nodes, the Leaky Noisy-Max model is used to calculate complex conditional probabilities within the SFT. The probabilities of various security risk states and key risk factors could be determined through reasoning by MFBN. Additionally, a risk prediction method that incorporates domain expert opinions and leverages the BN's ability of updating node probabilities with new information was developed to forecast the security risks of the SFT under wave and current loads.

Poverty‐Armed Conflict Nexus: Can Multidimensional Poverty Data Forecast Intrastate Armed Conflicts?

Poverty is widely acknowledged as a significant factor in the outbreak of armed conflicts, particularly fueling armed conflict within national borders. There is a compelling argument positing that poverty is a primary catalyst for intrastate armed conflicts; reciprocally, these conflicts exacerbate poverty. This article introduces a statistical model to forecast the likelihood of armed conflict within a country by scrutinizing the intricate relationship between intrastate armed conflicts and various facets of poverty. Poverty, arising from factors such as gender inequality and limited access to education and public services, profoundly affects social cohesion. Armed conflicts, a significant cause of poverty, result in migration, economic devastation, and adverse effects on social unity, particularly affecting disadvantaged and marginal groups. Forecasting and receiving early warnings for intrastate armed conflicts are crucial for international policymakers to take precautionary measures. Anticipating and proactively addressing potential conflicts can mitigate adverse consequences and prevent escalation. Hence, forecasting intrastate armed conflicts is vital, prompting policymakers to prioritize the development of effective strategies to mitigate their impact. While not guaranteeing absolute certainty in forecasting future armed conflicts, the model shows a high degree of accuracy in assessing security risks related to intrastate conflicts. It utilizes a machine‐learning algorithm and annually published fragility data to forecast future intrastate armed conflicts. Despite the widespread use of machine‐learning algorithms in engineering, their application in social sciences still needs to be improved. This article introduces an innovative approach to examining the correlation between various dimensions of poverty and armed conflict using machine‐learning algorithms.

Security Theatrics: The Role of Visual Cues in Simulated Attacker Target Selection

Visibly deterring potential adversaries is central to security risk assessment and planning operations within many agencies including the Transportation Security Administration (TSA). Many visible security elements are employed by TSA toward these goals. Questions remain whether these elements deter/displace attackers, and answers are elusive in these data-poor contexts. Using a novel adversarial exercise with a national sample, our paired conjoint experiment across visibly-changing aviation environments finds the majority of tested security infrastructure visibly deterred simulated adversaries. Canine officer presence deterred, biometric scanners induced, and queue density had no appreciable effect upon target selection. Our findings offer useful criminological insights, clear policy applications, and novel quantitative methods for assessing visible deterrent processes in limited data environments.

Vulnerability-oriented risk identification framework for IoT risk assessment

The proliferation of Internet of Things (IoT) systems across diverse applications has led to a notable increase in connected smart devices. Nevertheless, this surge in connectivity has induced a broad spectrum of vulnerabilities and threats, jeopardizing the security and safety of IoT applications. Security risk assessment methods are commonly employed to analyze risks. However, traditional IT and existing IoT-tailored security assessment methods often fail to fully address key IoT aspects: complex assets intercommunication, dynamic system changes, assets’ potential as attack platforms, safety impacts of security breaches, and assets resource constraints. Such oversights lead to significant risks being overlooked in the IoT ecosystem. In this paper, we propose a novel vulnerability-oriented risk identification framework comprising a four-step process as a core element of IoT security risk assessment, applicable to any IoT system. Our process enhances both traditional and IoT-specific security risk assessment methods by providing tailored approaches that address their crucial oversights for comprehensive IoT risk assessment. We validate our process with a case study of an IoT smart healthcare system using a proposed expert-driven approach. The results confirm that our process effectively identifies critical attack scenarios originating from the lack of proper security measures, mobility, and intercommunication processes of IoT devices in the healthcare system. Furthermore, our analysis reveals potential attacks that exploit the IoT devices as platforms to target the backend and user domains. We demonstrate the feasibility of our process for identifying realistic risks by conducting simulations of two derived attack scenarios using the Contiki Cooja network simulator.

Penetration Study of Key Technologies for Cybersecurity Risk Assessment

In recent years, with the frequent occurrence of cyber security incidents, people have paid more attention to it. Information security risk assessment is a very important research topic. This paper gives a brief overview of the theory of cybersecurity risk assessment, focuses on the description of the current mainstream cybersecurity risk assessment methods, classifies and compares the existing methods according to the nature of the methods, and analyses the advantages, disadvantages, and application scope of each method. Finally, the main factors affecting the evaluation results are summarized and refined, and future research hotspots in this field are proposed. Through the empirical analysis of the three factors, the influence of the correlation of the three factors, the uncertainty of the evaluation indexes, and the timeliness of the evaluation on the evaluation results are concluded, which provides a reference for future research on evaluation methods.

Automatic mapping of winter wheat planting structure and phenological phases using time-series sentinel data

The precise extraction of winter wheat planting structure holds significant importance for food security risk assessment, agricultural resource management, and governmental decision-making. This study proposed a method for extracting the winter wheat planting structure by taking into account the growth phenology of winter wheat. Utilizing the fitting effect index, the optimal Savitzky–Golay (S–G) filtering parameter combination was determined automatically to achieve automated filtering and reconstruction of NDVI time series data. The phenological phases of winter wheat growth was identified automatically using a threshold method, and subsequently, a model for extracting the winter wheat planting structure was constructed based on three key phenological stages, including seeding, heading, and harvesting, with the combination of hierarchical classification principles. A priori sample library was constructed using historical data on winter wheat distribution to verify the accuracy of the extracted results. The validation of fitting effect on different surfaces demonstrated that the optimal filtering parameters for S–G filtering could be obtained automatically by using the fitting effect index. The extracted winter wheat phenological phases showed good consistency with ground-based observational results and MOD12Q2 phenological products. Validation against statistical yearbook data and the proposed priori knowledge base exhibited high statistical accuracy and spatial precision, with an extracting accuracy of 94.92%, a spatial positioning accuracy of 93.26%, and a kappa coefficient of 0.9228. The results indicated that the proposed method for winter wheat planting structure extracting can identify winter wheat areas rapidly and significantly. Furthermore, this method does not require training samples or manual experience, and exhibits strong transferability.

Ecological and geological security risk assessment of underground space development in cold and arid canyon cities-Taking Ping'an District, Haidong City, Qinghai Province, as an example.

The ecological and geological problems caused by the rise of groundwater level due to the development of underground space in cold and arid canyon cities are particularly typical. Reasonably assessing the ecological and geological security risks of utilizing underground space is conducive to reducing the occurrence of ecological and geological problems during the construction and operation of underground engineering projects. Taking Ping'an District of Haidong City as an example, the topography and geomorphology of the research area were investigated in the field, and the distribution of topography and geomorphology in the research area was understood; through geological drilling and geotechnical engineering testing, the distribution of different strata in the research area was obtained; through pumping and seepage experiments, the recharge, runoff, and discharge relationship between surface water and groundwater in the research area and the water abundance of different strata are obtained, and the causes and mechanisms of geological safety risks in forest and grassland ecosystems, farmland ecosystems, and human settlements ecosystems were analyzed based on literature. Corresponding ecological geological safety risk assessment index systems and methods were established, and the ecological geological safety risks before and after the development of underground rail transit projects along both banks of the Huangshui River in the study area were evaluated. PRACTITIONER POINTS: The development of underground space in canyon type cities can easily lead to ecological and geological problems. Taking Haidong City, Qinghai Province, as an example, this study investigates the causes of ecological and geological problems caused by the development of underground spaces in canyon type cities. An ecological geological security risk assessment index system and method for canyon-type cities were established. An evaluation was conducted on the ecological and geological safety risks before and after the development of the underground rail transit projects on both sides of the research area.

Security Risk Assessment of IoT for Remote Patient Monitoring System

Remote Patient Monitoring (RPM), an essential component of telehealth, is among the biggest changes marked in healthcare. It facilitates patients’ treatment, remotely at home or in some distant location, without traditional clinical settings. The RPM plays a key role in data acquisition, data analysis and insights, and improved healthcare management. It collects real-time data using wearable sensors and mobile apps, and furnish crucial health metrics. Advanced algorithms and prognostic modelling than process the data, pattern and likely health risks to predict any disease more precisely and accurately for early action. RPM provides real-time watch and remote consultation that help in improved disease control and better patients’ care. Improved accuracy, reduced cost, real time interaction, and refined patient well-being are the significant healthcare benefits of RPM. Prognosis Health & Management (PHM) system is used for predicting the remaining useful life (RUL) of healthcare assets such as sensors, pacemakers, defibrillators and other medical equipment. The PHM leads to pre-emptive maintenance, lowers downtime, and tracks the life span of such healthcare equipment. The IoT enables PHM to monitor remote assets and gather instant data to foresee the RUL of such equipment. Providing the facilitations, PHM also creates potential vulnerabilities of exposure of device, network and data, and poses data security and privacy challenges. Therefore, strong security controls are required to keep patients’ data confidential and safe from uneven approaches to technology and data breaches. This paper evaluates risk associated with RPM using OCTAVE ALLGERO, a risk assessment framework, to mitigate the data security concerns.

RiskTree: Decision Trees for Asset and Process Risk Assessment Quantification in Big Data Platforms

The inherent characteristics of big data lies in its voluminous scale, varied data formats, and swift processing velocity. The intrinsic characteristics of big data undermine the efficacy of conventional data security techniques and data management standards, consequently compromising the security of big data. As a consequence, big data possesses susceptibilities to security incidents, including unauthorized data access, data manipulation, and data compromise throughout the transmission, storage, and processing stages. Conventional information system security risk assessment methodologies are constrained by human resources and computational techniques, rendering them unsuitable for direct application to big data platforms. Consequently, there is an urgent necessity to develop a risk assessment framework tailored specifically for big data environments, capable of quantifying potential risks and losses. In response to this need, we have devised an automated risk assessment theory that assimilates the unique characteristics of big data with traditional quantitative methods, introducing a risk metric system suited to the big data context. Utilizing the risk-related data generated during operations on the big data platform, we train a decision tree model to derive the weights for each risk indicator. These weights are then employed to conduct a weighted summation of the operational risk indicators, thereby achieving a quantitative evaluation of the platform's risk profile. To substantiate the proposed framework, experiments were conducted on a simulated big data platform. The experimental outcomes demonstrate that, compared to existing quantitative risk assessment methodologies, our approach enables an automatic, objective, and efficient assessment and quantification of the risks associated with tangible assets and data processing operations within the big data platform.

Overview of deltamethrin residues and toxic effects in the global environment.

Pyrethroids are synthetic organic insecticides. Deltamethrin, as one of the pyrethroids, has high insecticidal activity against pests and parasites and is less toxic to mammals, and is widely used in cities and urban areas worldwide. After entering the natural environment, deltamethrin circulates between solid, liquid and gas phases and enters organisms through the food chain, posing significant health risks. Increasing evidence has shown that deltamethrin has varying degrees of toxicity to a variety of organisms. This review summarized worldwide studies of deltamethrin residues in different media and found that deltamethrin is widely detected in a range of environments (including soil, water, sediment, and air) and organisms. In addition, the metabolism of deltamethrin, including metabolites and enzymes, was discussed. This review shed the mechanism of toxicity of deltamethrin and its metabolites, including neurotoxicity, immunotoxicity, endocrine disruption toxicity, reproductive toxicity, hepatorenal toxicity. This review is aim to provide reference for the ecological security and human health risk assessment of deltamethrin.

A neuro-fuzzy security risk assessment system for software development life cycle

This study aims to protect software development by creating a Software Risk Assessment (SRA) model for each phase of the Software Development Life Cycle (SDLC) using an Adaptive Neuro-Fuzzy Inference System (ANFIS) model. Software developers discovered and validated the risk variables affecting each SDLC phase, following which relevant data about risk factors and associated SRA for each SDLC phase were collected. To create the SRA model for SDLC phases, risk factors were used as inputs, and SRA was used as an output. The formulated model was simulated using 70 % and 80 % of the data for training, while 30 % and 20 % were used for testing the model. The performance of the SRA models using the test datasets was evaluated based on accuracy. According to the study findings, many risk variables were discovered and confirmed for the requirement, design, implementation, integration, and operation phases of SDLC 11, 8, 9, 4, and 6, respectively. The SRA model was formulated using the risk factors using 2048, 256, 512, 16, and 64 inference rules for the requirement, design, implementation, integration, and operation phases, respectively. The study concluded that using the SRA model to assess security risk at each SDLC phase provided a secured software development process.

A Review of IoMT Security and Privacy related Frameworks

The Internet of Medical Things (IoMT) integrates smart connectivity with healthcare, improving services but imposing cybersecurity and privacy concerns. Frameworks (such as EMRI, SaYo-Pillow, HL7, FHIR, HIMSS) and regulations (such as EU MDR) are in existence but need regular reviewing for enhancement. A crucial requirement to ensure assuring the security and privacy of the IoMT ecosystem is acceptable, standardized frameworks with effective mechanisms, regulations, and policies. The paper reviews recent IoMT frameworks, architectures, standards, and regulations, analysing deployed and proposed systems with the aim of identifying research areas to improve the realm of IoMT security and privacy. The paper assesses security and data privacy in healthcare through case studies by comparing attributes and discussing benefits and limitations. The analysis extends to geographic scopes that adopt these frameworks. Furthermore, it explores emerging technologies (such as using blockchain) in securing IoMT within specific frameworks. IoMT ecosystems faces significant security and privacy challenges due to inherent complexities, leading to evolving cyber threats. The vulnerabilities expose medical devices and patient data, risking patient safety and scrutinizing reputations of healthcare institutions. Despite promising technologies, the lack of tailored security measures, guidelines, and policies, coupled with adoption barriers, contributes to these concerns. There is a crucial need to develop specific research, standards, and policies for ensuring cybersecurity and data privacy in the IoMT. Collaboration among healthcare, government, and technology stakeholders is essential to establish effective regulations and best practices. The vulnerability of the healthcare sector, attributed to legacy devices and disjointed data systems, emphasizes the necessity for robust security risk assessment models to address challenges imposed within the rapidly evolving IoMT.

Architecture Framework for Cyber Security Management

The smooth operation of contemporary society relies on the collaborative functioning of multiple essential infrastructures, with their collective effectiveness increasingly hinging on a dependable national system of systems construction. The central focus within the realm of cyberspace revolves around safeguarding this critical infrastructure (CI), which includes both physical and electronic components essential for societal operations. The recent surge in cyber-attacks targeting CI, critical information infrastructures, and the Internet, characterized by heightened frequency and increased sophistication, presents substantial threats. As perpetrators become more adept, they can digitally infiltrate and disrupt physical infrastructure, causing harm to equipment and services without the need for a physical assault. The operational uncertainty of CI in these cases is obvious. The linchpin of cyber security lies in a well-executed architecture, a fundamental requirement for effective measures. The framework of this paper emphasizes organizational guidance in cyber security management by integrating the cyber security risks assessment and the cyber resilience process into overall continuity management of organizations business processes.

Developing a security risk management model for commercial private game reserves in the Limpopo Province of South Africa

ABSTRACT This article explores the potential contribution that security risk assessments and a security programme on commercial private game reserves in the Limpopo Province of South Africa can make to ensure the safety and security, not only of their visitors, but also of the wildlife and natural assets of a game reserve. Not all commercial private game reserves can afford an extensive security programme and the person in charge may not be a security and/or a risk management expert, therefore the need arises for the development of a fundamental and straightforward security programme.

Analysis of Cybersecurity Vulnerabilities in Mobile Payment Applications

Skepticism about security of mobile payment applications has plagued user adoption of such platforms in some countries. Software developers have generally de-emphasized core principles guiding delivering safe mobile applications since for mobile payment applications, movement of monetary value is their priority. We find in surveyed literature that this situation is prevalent in low economy/low financial inclusion countries. Selected were 50 Fintech and traditional banks m-payment applications in both high and lower economic and technological advancement (high E&T apps and lower E&T apps respectively) countries in Africa. This work may have significance in finance or economy, but it is mainly to unravel cybersecurity concerns. The analyses (static and dynamic) of the applications targeted top ten vulnerabilities on 2023 Common Weakness Enumeration (CWE) and Open Worldwide Application Security Project (OWASP) lists. The study employed Mobile Security Framework (MobSF) as the primary tool for both Android and iOS application while Automated Security Risk Assessment (AUSERA) tool was used to validate the vulnerabilities reported by MobSF. Results show that traditional m-payment apps were generally more secure than Fintech m-payment apps. In the later category, vulnerabilities under information leakage and cryptography category were the most prevalent. On the average, no marked difference was observed in security performance between high E&T apps and lower E&T apps. Incorrect default permission, cleartext storage of sensitive information, use of risky cryptographic algorithm, use of insufficiently random values and information exposure were the most prevalent vulnerabilities. Conversely, insecure implementation of SSL and trusting all certificates or accepting self-signed certificates had fewest occurrences. Poor code quality was the highest source of security vulnerabilities in the study. Declining statistics of SMS leakage in recent studies was confirmed in this work. The most implemented security measure was certificate pinning for preventing or detecting man-in-the-middle attack.