25,992 result(s) for "security risk assessment"
Review of static risk‐based security assessment in power system
Power systems can be affected by unpredicted and unavoidable faults and failures, making security assessment an important challenge, which requires significant research work. An overview of this critical area, as presented here, shows that security assessment has transformed from deterministic to risk‐based methods, with two broad categories, risk assessment and risk identification. First, a detailed discussion of risk assessment is given to summarise different methods to solve the problems of equipment failure probability model, scenarios formation, and severity assessment. Further, a comprehensive survey and prospect for risk identification are provided as a roadmap to determine the risk source directly. Risk identification techniques such as tracking method, sensitivity analysis, and risk source identification help operators to take effective preventive action and restore system security.
Adaptive security and cyber assurance for risk-based decision making
"This book explores adaptive security techniques through CyberAssurance for risk-based decision making in the context of software-based systems and discusses ways to achieve it. It identifies a discipline termed CyberAssurance, which considers the interactions of assurance-enhancing technology, system architecture, and the development life cycle. It looks at trust-enhancing technology in some detail, articulating a strategy based on three main prongs: building software that behaves securely (high-confidence design techniques), executing software in a protected environment (containment), and monitoring software execution for malicious behavior (detection). Applying these three prongs in combination in the proper architectural and life cycle contexts provides the best risk strategy methods for increasing our trust in software-based for Internet of Things (IoT), Cloud, and Edge systems"-- Provided by publisher.
A Comprehensive Method to Assess Work System Security Risk
This article presents a comprehensive method to assess system security risks. The method includes a cohesive set of steps to not only identify a more complete set of security risks but also assess them in a systematic manner. The method is based on the integration of two kinds of models: (1) qualitative models emphasizing security risk factors and security requirement determination and (2) quantitative models that focus on formal evaluation and assessment of system security risks. Unlike most of the existing methods, the proposed method covers the whole process of system security risk assessment spanning all three phases—ascertainment of security requirements, measurement of evidence for security requirements, and evaluation of evidence against the needed security mechanisms. The article extends existing work on system security risk methods by incorporating new ideas of multifaceted security view and work system in a coherent set of steps. The article demonstrates the application of the proposed method to a real application and discusses the major results.
Why don't we defend better? : data breaches, risk management, and public policy
"The wave of data breaches raises two pressing questions: Why don't we defend our networks better? And, what practical incentives can we create to improve our defenses? Why Don't We Defend Better? : Data Breaches, Risk Management, and Public Policy answers those questions. It distinguishes three technical sources of data breaches corresponding to three types of vulnerabilities: software, human, and network. It discusses two risk management goals: business and consumer. The authors propose mandatory anonymous reporting of information as an essential step toward better defense, as well as a general reporting requirement. They also provide a systematic overview of data breach defense, combining technological and public policy considerations"-- Provided by publisher.
Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes
The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.
IT governance : an international guide to data security and ISO27001/ISO27002
"Faced with constant and fast-evolving threats to information security and with a growing exposure to cyber risk, managers at all levels and in organizations of all sizes need a robust IT governance system. Now in its sixth edition, the bestselling IT Governance provides best-practice guidance for companies looking to protect and enhance their information security management systems and protect themselves against cyber threats. IT Governance has been fully updated to take account of current cyber security and advanced persistent threats and reflects the latest regulatory and technological developments, including the 2013 updates to ISO27001/ISO27002. Changes for this edition include:
Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT
Blockchain (BC) has recently paved the way for developing Decentralized Identity Management (IdM) systems for different information systems. Researchers widely use it to develop decentralized IdM systems for the Health Internet of Things (HIoT). HIoT is considered a vulnerable system that produces and processes sensitive data. BC-based IdM systems have the potential to be more secure and privacy-aware than centralized IdM systems. However, many studies have shown potential security risks to using BC. A Systematic Literature Review (SLR) conducted by the authors on BC-based IdM systems in HIoT systems showed a lack of comprehensive security and risk management frameworks for BC-based IdM systems in HIoT. Conducting a further SLR focusing on risk management and supplemented by Grey Literature (GL), in this paper, a security taxonomy, security framework, and cybersecurity risk management framework for the HIoT BC-IdM systems are identified and proposed. The cybersecurity risk management framework will significantly assist developers, researchers, and organizations in developing a secure BC-based IdM to ensure HIoT users’ data privacy and security.
Dynamic Security Risk Management Using Bayesian Attack Graphs
Security risk assessment and mitigation are two vital processes that need to be executed to maintain a productive IT infrastructure. On one hand, models such as attack graphs and attack trees have been proposed to assess the cause-consequence relationships between various network states, while on the other hand, different decision problems have been explored to identify the minimum-cost hardening measures. However, these risk models do not help reason about the causal dependencies between network states. Further, the optimization formulations ignore the issue of resource availability while analyzing a risk model. In this paper, we propose a risk management framework using Bayesian networks that enable a system administrator to quantify the chances of network compromise at various levels. We show how to use this information to develop a security mitigation and management plan. In contrast to other similar models, this risk model lends itself to dynamic analysis during the deployed phase of the network. A multiobjective optimization platform provides the administrator with all trade-off information required to make decisions in a resource constrained environment.