System Security Risk Management Research Articles

ЭФФЕКТИВНОСТЬ АВТОМАТИЗИРОВАННОГО УПРАВЛЕНИЯ ТРАНСПОРТНЫМИ СРЕДСТВАМИ В ТРАМВАЙНЫХ СИСТЕМАХ

The intellectualization of water transport is accompanied by an expansion of the landscape of threats to transport security, caused by the characteristics and weaknesses of the technologies being introduced, which are the convergence of information and telecommunication technologies, automated and automatic control technologies and artificial intelligence. The peculiarity of these technologies is working with large volumes of information. Violation of the security of information processed in intelligent systems of water transport (illegal access, modification, deletion and similar unauthorized influence) causes a violation of transport security and, as a consequence, the security of critical information infrastructure and the country’s critical infrastructure, national security. Convergent technologies used in intelligent transport systems are characterized by multiple and poorly formalized manifestations of the consequences of threats. The article presents a model for assessing the risks of information security of intelligent water transport systems, based on the methods of the theory of fuzzy sets and fuzzy logic, the use of which makes it possible to take into account the above-mentioned features of the technologies being implemented. The hierarchical structure of the model and the use of fuzzy set theory and fuzzy logic methods make it possible to adapt the model to various risk criteria, types of input data and the level of detail of risk analysis. For the presented model, a methodology for assessing information security risks has been developed and an example of risk calculation is given. The developed model and methodology are intended to build an information security risk management system for autonomous shipping, implementing technologies of hybrid (augmented, extended) intelligence, providing for the use of artificial intelligence controlled by people.

НЕЧЕТКАЯ СИСТЕМА ОЦЕНКИ РИСКОВ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ИНТЕЛЛЕКТУАЛЬНЫХ СИСТЕМ ВОДНОГО ТРАНСПОРТА

The intellectualization of water transport is accompanied by an expansion of the landscape of threats to transport security, caused by the characteristics and weaknesses of the technologies being introduced, which are the convergence of information and telecommunication technologies, automated and automatic control technologies and artificial intelligence. The peculiarity of these technologies is working with large volumes of information. Violation of the security of information processed in intelligent systems of water transport (illegal access, modification, deletion and similar unauthorized influence) causes a violation of transport security and, as a consequence, the security of critical information infrastructure and the country’s critical infrastructure, national security. Convergent technologies used in intelligent transport systems are characterized by multiple and poorly formalized manifestations of the consequences of threats. The article presents a model for assessing the risks of information security of intelligent water transport systems, based on the methods of the theory of fuzzy sets and fuzzy logic, the use of which makes it possible to take into account the above-mentioned features of the technologies being implemented. The hierarchical structure of the model and the use of fuzzy set theory and fuzzy logic methods make it possible to adapt the model to various risk criteria, types of input data and the level of detail of risk analysis. For the presented model, a methodology for assessing information security risks has been developed and an example of risk calculation is given. The developed model and methodology are intended to build an information security risk management system for autonomous shipping, implementing technologies of hybrid (augmented, extended) intelligence, providing for the use of artificial intelligence controlled by people.

Security Risk Management System for the Construction and Operation of Smart Port Area Based on BP Neural Network Algorithm

With the construction of smart cities, smart ports are developing rapidly, providing favorable conditions for enhancing port competitiveness, promoting industrial upgrading, and economic transformation. With the continuous progress of society and science and technology, the safety risks of intelligent ports are also increasing. In order to better address these risks, it is necessary to establish a stable and efficient management system. This paper applies data mining and fuzzy control theory technologies for large-volume, high-precision real-time information collection, based on the research of the BP neural network algorithm. By establishing and analyzing a safety risk management system model based on the BP multilayer neuron network, it provides a rationality evaluation method and design concept. After designing the safety risk management system, this paper conducts a performance test on the system. The test results show that through optimization, the accuracy, generalization ability, and reliability of the model can be improved. Its accuracy is as high as 92% or more, fully demonstrating the system's reliability and superiority!

Module for expected losses assessing in the information security risk management system of a construction company

The article examines the problem of the expected losses effective assessment in a construction company upon materialization of information security threats. One of the ways to partially solve this problem is proposed. It is suggested to improve the capabilities of the respective module of the risk management system, which provides the user with a human-machine toolkit for expert assessment of expected losses. This toolkit consists of several stages. The toolkit considers the most effective evaluation scenario given the existing situational decision-making conditions. In order to ensure the operation of the module, the informational and logical connections between the evaluation stages are also defined and the apparatus for the formation of various evaluation scenarios is designed. In addition, to increase the accuracy of the results and increase the flexibility of the proposed algorithm, the possibility of selecting the evaluation scenario by the user with the appropriate role is provided. Since the paper considers the problem of multi-criteria evaluation, the hierarchy of criteria is formalized, and the weight of their influence on the calculation results is also taken into account. When building a logical-mathematical apparatus, the possibility of realizing various types of threats to various information assets (IA) of the enterprise is also considered. The assessment of the consequences of information security threats can be carried out at different levels: general and distributed, taking into account various indicators such as violations of confidentiality, integrity and availability of information. The methods of direct expert evaluation, analytic hierarchy process (AHP), Delphi, linear convolution of criteria, probabilistic modeling are used in the development of the logico-mathematical apparatus. A qualitative-quantitative scale is used to formalize expert judgments. The necessary roles of experts for effective evaluation have been defined. Summarization of experts' assessments is carried out with control of the adequacy of the degree of logic and dispersion of the opinions of each expert, in accordance with the established requirements for the degree of agreement of the opinions of a group of experts. Competence of the experts is also taken into account during assessment.

Introduction of a Corporate Security Risk Management System: The Experience of Poland

To ensure the economic security of companies, it is necessary to introduce a risk management system based on the use of various tools, especially financial ones. The purpose of the article is to scientifically substantiate the paradigm of integration of the risk management mechanism into the system of economic security in companies on the basis of risk-oriented management. The main study method was an online survey of 50 Polish companies in January–April 2021 using a developed questionnaire consisting of 40 questions. According to the results of the expert survey, it is determined that regardless of the type of economic activity of the enterprise, the main goal of introducing risk-oriented management is to preserve assets and increase the efficiency of financial and economic processes. The introduction of risk-oriented management is perceived as a tool to increase the value of the company and ensure the achievement of strategic goals. Fraud is a significant risk to the state of economic security for modern enterprises. To prevent the fact of fraud, taking into account the specifics of the operation of companies, it is suggested to conduct an annual examination. As a result, the suggested procedure should include an audit (audit of financial statements, forensics, transition to international financial reporting standards, audit of systems and processes), assessment (assessment for audit and reporting in accordance with international financial reporting standards, risk management assessment in accordance with international standards, assessment of the effectiveness of economic security), tax analytics (identification of tax risks, analysis of compliance with tax legislation, tax audit), and a due diligence procedure for investment objects.

A Fog-based Cyber Security Risk Management System using Bayesian Games

A Fog-based Cyber Security Risk Management System using Bayesian Games

Information Technology Development Risks in the Banking Sector

The relevance of the article is because in parallel with the processes of introduction of innovations in the field of automation and computerization of the banking system, the number of types of banking risks associated with innovations in the field of on-line customer service and internal Bank reporting, as well as information systems. As a result of this article, we have studied the latest legislative acts of the Central Bank of Russia as a mega-regulator and summarized the practice of both individual credit institutions and the banking sector in the field of information technology development risks in the banking sector. To strengthen the development of new financial technologies in the digital economy, it is necessary to regularly discuss the emergence of new phenomena and innovations; to consider the possibility of further analysis of existing methodological developments to exchange best practices of banks. Building an effective it security risk management system is not a one-time project. Still, a complex process is important, focused on minimizing external and internal threats and taking into account the limitations on resources and time factor

Improving Chemical Security with Material Control and Accountability and Inventory Management

Chemical risk management is a process to control safety and security risks associated with hazardous chemicals. Chemical risk management includes the management of both chemical safety and chemical security. It is generally accepted that there are five pillars that make up chemical security management. Each of the five pillars are key components to the implementation of a chemical security risk management system. In this work, we will review the “Material Control and Accountability” pillar and how an academic institution can implement this principle using a chemical inventory management system (CIMS). A robust CIMS will improve the quality and efficiency of research, reduce time and resources associated with laboratory management, and reduce both the safety and security risks associated with chemicals.

Задачі з керування ризиками інформаційної безпеки апарата прийняття рішень

The author has submitted and tried to perform the number of tasks helping in modeling multi-factors information security risk management system. The author has prioritized financing different vulnerabilities by combining two approaches: processing approach in building events tree and mathematical formalizing the connections and affections levels of different events (vulnerabilities and threats) on information resource. Problems in programming 2017; 4: 089-097

Functional modeling of information security risk management system

Preservation of confidentiality, integrity and availability of information in organization is achieved by risk management system designing and implementation. For these purposes, a generic approach described in the international standard ISO/IEC 27005: 2011 is used. In view of above-mentioned, it is specified by the principles and recommendations of the ISO 31000:2009, ISO/TR 31004:2013, IEC 31010:2009. Therefore, the definitions from these legal documents are used for information security risk management system design and implementation. The system is developing by identifying her functional boundaries, functions and terms of their performance. This will be possible by the way of its functional simulation. Thus, resulting functional model will be presented in IDEF0 graphical diagram notation. According to this view, information security risk management activities are formalized by defining objectives, terms of model and set of functions. At last, such approach has given us the possibility to visualize the conditions and results of their execution by the system was simulated, within the prescribed limits.