Visible to the public Biblio

Found 186 results

Filters: Keyword is risk management  [Clear All Filters]
He, Ruhai, Wan, Chengpeng, Jiang, Xinchen.  2021.  Risk Management of Port Operations: a Systematic Literature Review and Future Directions. 2021 6th International Conference on Transportation Information and Safety (ICTIS). :44—51.
With the continuous development of world economy, the trade and connection between countries are getting closer, in which ports are playing an increasingly important role. However, due to the inherent complexity of port operational environment, ports are exposed to various types of hazards and more likely to encounter risks with high frequency and serious consequences. Therefore, proper and effective risk management of ports is particularly essential and necessary. In this research, literature from three aspects including risk assessment of port operations and service, safety management of dangerous goods, and port supply chain risk management was collected and investigated, in order to put forward the future research direction related to the risk management of port operations. The research results show that, firstly, most of the current research mainly focuses on the operational risk of traditional ports and a lot of relevant achievements have been seen. However, few scholars have studied the risk issues of smart ports which are believed to be the trend of future with the rapid development and application of high and new technologies. Thus, it is suggested that more attention should be shifted to the identification and assessment of operational risks of smart ports considering their characteristics. Secondly, although the risk evaluation systems of port operational safety have been established and widely studied, more efforts are still needed in terms of the suitability and effectiveness of the proposed indicators, especially when dangerous goods are involved. Thirdly, risk management of port supply chain is another popular topic, in which, one of the main difficulties lies on the collection of risk related statistics data due to the fact that port supply chain systems are usually huge and complex. It is inevitably that the evaluation results will lack objectivity to some extent. Therefore, it calls for more research on the risk assessment of port supply chains in a quantitative manner. In addition, resilience, as an emerging concept in the transportation field, will provide a new angle on the risk management of port supply chains.
Kusrini, Elisa, Anggarani, Iga, Praditya, Tifa Ayu.  2021.  Analysis of Supply Chain Security Management Systems Based on ISO 28001: 2007: Case Study Leather Factory in Indonesia. 2021 IEEE 8th International Conference on Industrial Engineering and Applications (ICIEA). :471—477.
The international Supply Chains (SC) have expanded rapidly over the decades and also consist of many entities and business partners. The increasing complexity of supply chain makes it more vulnerable to a security threat. Therefore, it is necessary to evaluate security management systems to ensure the flow of goods in SC. In this paper we used international standards to assess the security of the company's supply chain compliance with ISO 28001. Supply chain security that needs to be assessed includes all inbound logistics activities to outbound logistics. The aim of this research is to analyse the security management system by identifying security threat, consequences, and likelihood to develop adequate countermeasures for the security of the company's supply chain. Security risk assessment was done using methodology compliance with ISO 28001 which are identify scope of security assessment, conduct security assessment, list applicable threat scenario, determine consequences, determine likelihood, determine risk score, risk evaluation using risk matrix, determine counter measures, and estimation of risk matrix after countermeasures. This research conducted in one of the leather factory in Indonesia. In this research we divided security threat into five category: asset security, personnel security, information security, goods and conveyance security, and closed cargo transport units. The security assessment was conducted by considering the performance review according to ISO 28001: 2007 and the results show that there are 22 security threat scenarios in the company's supply chain. Based upon a system of priorities by risk score, countermeasures are designed to reduce the threat into acceptable level.
Mostafa, Abdelrahman Ibrahim, Rashed, Abdelrahman Mostafa, Alsherif, Yasmin Ashraf, Enien, Yomna Nagah, Kaoud, Menatalla, Mohib, Ahmed.  2021.  Supply Chain Risk Assessment Using Fuzzy Logic. 2021 3rd Novel Intelligent and Leading Emerging Sciences Conference (NILES). :246—251.
Business's strength arises from the strength of its supply chain. Therefore, a proper supply chain management is vital for business continuity. One of the most challenging parts of SCM is the contract negotiation, and one main aspect of the negotiation is to know the risk associated with each range of quantity agreed on. Currently Managers assess the quantity to be supplied based on a binary way of either full or 0 supply, This paper aims to assess the corresponding quantities risks of the suppliers on a multilayer basis. The proposed approach uses fuzzy logic as an artificial intelligence tool that would develop the verbal terms of managers into numbers to be dealt with. A company that produces fresh frozen vegetables and fruits in Egypt who faces the problem of getting the required quantities from the suppliers with a fulfilment rate of 33% was chosen to apply the proposed model. The model allowed the managers to have full view of risk in their supply chain effectively and decide their needed capacity as well as the negotiation terms with both suppliers and customers. Future work should be the use of more data in the fuzzy database and implement the proposed methodology in an another industry.
Zhang, Fan, Ding, Ye.  2021.  Research on the Application of Internet of Things and Block Chain Technology in Improving Supply Chain Financial Risk Management. 2021 International Conference on Computer, Blockchain and Financial Development (CBFD). :347—350.
This article analyzes the basic concepts of supply chain finance, participating institutions, business methods, and exposure to risks. The author combined the basic content of the Internet of Things and block chain technology to carry out research. This paper studies the specific applications of the Internet of Things and block chain technology in supply chain financial risk identification, supply chain financial risk assessment, full-process logistics supervision, smart contract transaction management, corporate financial statement sorting, and risk prevention measures. The author's purpose is to improve the financial risk management level of the enterprise supply chain and promote the stable development of the enterprise economy.
Kieras, Timothy, Farooq, Muhammad Junaid, Zhu, Quanyan.  2020.  RIoTS: Risk Analysis of IoT Supply Chain Threats. 2020 IEEE 6th World Forum on Internet of Things (WF-IoT). :1—6.
Securing the supply chain of information and communications technology (ICT) has recently emerged as a critical concern for national security and integrity. With the proliferation of Internet of Things (IoT) devices and their increasing role in controlling real world infrastructure, there is a need to analyze risks in networked systems beyond established security analyses. Existing methods in literature typically leverage attack and fault trees to analyze malicious activity and its impact. In this paper, we develop RIoTS, a security risk assessment framework borrowing from system reliability theory to incorporate the supply chain. We also analyze the impact of grouping within suppliers that may pose hidden risks to the systems from malicious supply chain actors. The results show that the proposed analysis is able to reveal hidden threats posed to the IoT ecosystem from potential supplier collusion.
Xu, Rong-Zhen, He, Meng-Ke.  2020.  Application of Deep Learning Neural Network in Online Supply Chain Financial Credit Risk Assessment. 2020 International Conference on Computer Information and Big Data Applications (CIBDA). :224—232.
Under the background of "Internet +", in order to solve the problem of deeply mining credit risk behind online supply chain financial big data, this paper proposes an online supply chain financial credit risk assessment method based on deep belief network (DBN). First, a deep belief network evaluation model composed of Restricted Boltzmann Machine (RBM) and classifier SOFTMAX is established, and the performance evaluation test of three kinds of data sets is carried out by using this model. Using factor analysis to select 8 indicators from 21 indicators, and then input them into RBM for conversion to form a more scientific evaluation index, and finally input them into SOFTMAX for evaluation. This method of online supply chain financial credit risk assessment based on DBN is applied to an example for verification. The results show that the evaluation accuracy of this method is 96.04%, which has higher evaluation accuracy and better rationality compared with SVM method and Logistic method.
Benabdallah, Chaima, El-Amraoui, Adnen, Delmotte, François, Frikha, Ahmed.  2020.  An integrated rough-DEMA℡ method for sustainability risk assessment in agro-food supply chain. 2020 5th International Conference on Logistics Operations Management (GOL). :1—9.
In the recent years, sustainability has becoming an important topic in agro-food supply chain. Moreover, these supply chains are more vulnerable due to different interrelated risks from man-made and natural disasters. However, most of the previous studies consider less about interrelation in assessing sustainability risks. The purpose of this research is to develop a framework to assess supply chain sustainability risks by rnking environmental risks, economic risks, social risks and operational risks. To solve this problem, the proposed methodology is an integrated rough decision- making and trial evaluation laboratory (DEMA℡) method that consider the interrelationship between different risks and the group preference diversity. In order to evaluate the applicability of the proposed method, a real-world case study of Tunisian agro-food company is presented. The results show that the most important risks are corruption, inflation and uncertainty in supply and demand.
hong, Xue, zhifeng, Liao, yuan, Wang, ruidi, Xu, zhuoran, Xu.  2020.  Research on risk severity decision of cluster supply chain based on data flow fuzzy clustering. 2020 Chinese Control And Decision Conference (CCDC). :2810—2815.
Based on the analysis of cluster supply chain risk characteristics, starting from the analysis of technical risk dimensions, information risk dimensions, human risk dimensions, and capital risk dimensions, a cluster supply chain risk severity assessment index system is designed. The fuzzy C-means clustering algorithm based on data flow is used to cluster each supply chain, analyze the risk severity of the supply chain, and evaluate the decision of the supply chain risk severity level based on the cluster weights and cluster center range. Based on the analytic hierarchy process, the risk severity of the entire clustered supply chain is made an early warning decision, and the clustered supply chain risk severity early warning level is obtained. The results of simulation experiments verify the feasibility of the decision method for cluster supply chain risk severity, and improve the theoretical support for cluster supply chain risk severity prediction.
Hong, TingYi, Kolios, Athanasios.  2020.  A Framework for Risk Management of Large-Scale Organisation Supply Chains. 2020 International Conference on Decision Aid Sciences and Application (DASA). :948—953.
This paper establishes a novel approach to supply chain risk management (SCRM), through establishing a risk assessment framework addressing the importance of SCRM and supply chain visibility (SCV). Through a quantitative assessment and empirical evidence, the paper also discusses the specific risks within the manufacturing industry. Based on survey data collected and a case study from Asia, the paper finds that supplier delays and poor product quality can be considered as prevailing risks relevant to the manufacturing industry. However, as supply chain risks are inter-related, one must increase supply chain visibility to fully consider risk causes that ultimately lead to the risk effects. The framework established can be applied to different industries with the view to inform organisations on prevailing risks and prompt motivate improvement in supply chain visibility, thereby, modify risk management strategies. Through suggesting possible risk sources, organisations can adopt proactive risk mitigation strategies so as to more efficiently manage their exposure.
Kirillova, Elena A., Shavaev, Azamat A., Wenqi, Xi, Huiting, Guo, Suyu, Wang.  2020.  Information Security of Logistics Services. 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). :103—106.

Information security of logistics services. Information security of logistics services is understood as a complex activity aimed at using information and means of its processing in order to increase the level of protection and normal functioning of the object's information environment. At the same time the main recommendations for ensuring information security of logistics processes include: logistics support of processes for ensuring the security of information flows of the enterprise; assessment of the quality and reliability of elements, reliability and efficiency of obtaining information about the state of logistics processes. However, it is possible to assess the level of information security within the organization's controlled part of the supply chain through levels and indicators. In this case, there are four levels and elements of information security of supply chains.

Zhang, Fan, Bu, Bing.  2021.  A Cyber Security Risk Assessment Methodology for CBTC Systems Based on Complex Network Theory and Attack Graph. 2021 7th Annual International Conference on Network and Information Systems for Computers (ICNISC). :15—20.
Cyber security risk assessment is very important to quantify the security level of communication-based train control (CBTC) systems. In this paper, a methodology is proposed to assess the cyber security risk of CBTC systems that integrates complex network theory and attack graph method. On one hand, in order to determine the impact of malicious attacks on train control, we analyze the connectivity of movement authority (MA) paths based on the working state of nodes, the connectivity of edges. On the other hand, attack graph is introduced to quantify the probabilities of potential attacks that combine multiple vulnerabilities in the cyber world of CBTC. Experiments show that our methodology can assess the security risks of CBTC systems and improve the security level after implementing reinforcement schemes.
Basumatary, Basundhara, Kumar, Chandan, Yadav, Dilip Kumar.  2021.  Security Risk Assessment of Information Systems in an Indeterminate Environment. 2021 11th International Conference on Cloud Computing, Data Science & Engineering (Confluence). :82—87.

The contemporary struggle that rests upon security risk assessment of Information Systems is its feasibility in the presence of an indeterminate environment when information is insufficient, conflicting, generic or ambiguous. But as pointed out by the security experts, most of the traditional approaches to risk assessment of information systems security are no longer practicable as they fail to deliver viable support on handling uncertainty. Therefore, to address this issue, we have anticipated a comprehensive risk assessment model based on Bayesian Belief Network (BBN) and Fuzzy Inference Scheme (FIS) process to function in an indeterminate environment. The proposed model is demonstrated and further comparisons are made on the test results to validate the reliability of the proposed model.

Başer, Melike, Güven, Ebu Yusuf, Aydın, Muhammed Ali.  2021.  SSH and Telnet Protocols Attack Analysis Using Honeypot Technique: Analysis of SSH AND ℡NET Honeypot. 2021 6th International Conference on Computer Science and Engineering (UBMK). :806–811.
Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called’ zero-day attacks’ can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker’s behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers1. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.
Perrone, Paola, Flammini, Francesco, Setola, Roberto.  2021.  Machine Learning for Threat Recognition in Critical Cyber-Physical Systems. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :298–303.

Cybersecurity has become an emerging challenge for business information management and critical infrastructure protection in recent years. Artificial Intelligence (AI) has been widely used in different fields, but it is still relatively new in the area of Cyber-Physical Systems (CPS) security. In this paper, we provide an approach based on Machine Learning (ML) to intelligent threat recognition to enable run-time risk assessment for superior situation awareness in CPS security monitoring. With the aim of classifying malicious activity, several machine learning methods, such as k-nearest neighbours (kNN), Naïve Bayes (NB), Support Vector Machine (SVM), Decision Tree (DT) and Random Forest (RF), have been applied and compared using two different publicly available real-world testbeds. The results show that RF allowed for the best classification performance. When used in reference industrial applications, the approach allows security control room operators to get notified of threats only when classification confidence will be above a threshold, hence reducing the stress of security managers and effectively supporting their decisions.

Kriz, Danielle.  2011.  Cybersecurity principles for industry and government: A useful framework for efforts globally to improve cybersecurity. 2011 Second Worldwide Cybersecurity Summit (WCS). :1–3.
To better inform the public cybersecurity discussion, in January 2011 the Information Technology Industry Council (ITI) developed a comprehensive set of cybersecurity principles for industry and government [1]. ITI's six principles aim to provide a useful and important lens through which any efforts to improve cybersecurity should be viewed.
Ahmed-Zaid, Said, Loo, Sin Ming, Valdepena-Delgado, Andres, Beam, Theron.  2021.  Cyber-Physical Security Assessment and Resilience of a Microgrid Testbed. 2021 Resilience Week (RWS). :1–3.
In order to identify potential weakness in communication and data in transit, a microgrid testbed is being developed at Boise State University. This testbed will be used to verify microgrid models and communication methods in an effort to increase the resiliency of these systems to cyber-attacks. If vulnerabilities are found in these communication methods, then risk mitigation techniques will be developed to address them.
Rafaiani, Giulia, Battaglioni, Massimo, Baldi, Marco, Chiaraluce, Franco, Libertini, Giovanni, Spalazzi, Luca, Cancellieri, Giovanni.  2021.  A Functional Approach to Cyber Risk Assessment. 2021 AEIT International Annual Conference (AEIT). :1–6.
Information security has become a crucial issue not only from the technical standpoint, but also from the managerial standpoint. The necessity for organizations to understand and manage cyber risk has led to the rise of a plethora of risk assessment methods and tools. These approaches are often difficult to interpret and complex to manage for organizations. In this paper, we propose a simple and quantitative method for the estimation of the likelihood of occurrence of a cyber incident. Our approach uses a generalized logistic function and a cumulative geometric distribution to combine the maturity and the complexity of the technical infrastructure of an organization with its attractiveness towards cyber criminals.
Kummerow, André, Rösch, Dennis, Nicolai, Steffen, Brosinsky, Christoph, Westermann, Dirk, Naumann, é.  2021.  Attacking dynamic power system control centers - a cyber-physical threat analysis. 2021 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :01—05.

In dynamic control centers, conventional SCADA systems are enhanced with novel assistance functionalities to increase existing monitoring and control capabilities. To achieve this, different key technologies like phasor measurement units (PMU) and Digital Twins (DT) are incorporated, which give rise to new cyber-security challenges. To address these issues, a four-stage threat analysis approach is presented to identify and assess system vulnerabilities for novel dynamic control center architectures. For this, a simplified risk assessment method is proposed, which allows a detailed analysis of the different system vulnerabilities considering various active and passive cyber-attack types. Qualitative results of the threat analysis are presented and discussed for different use cases at the control center and substation level.

Petratos, Pythagoras, Faccia, Alessio.  2021.  Securing Energy Networks: Blockchain and Accounting Systems. 2021 International Conference on Electrical, Computer and Energy Technologies (ICECET). :1–5.
The energy sector is facing increasing risks, mainly concerning fraudulent activities and cyberattacks. This paradigm shift in risks would require innovative solutions. This paper proposes an innovative architecture based on Distributed Ledger Technologies (Blockchain) and Triple Entry Accounting (X-Accounting). The proposed architecture focusing on new applications of payment and billing would improve accountability and compliance as well as security and reliability. Future research can extend this architecture to other energy technologies and systems like EMS/SCADA and associated applications.
Dax, Alexander, Künnemann, Robert.  2021.  On the Soundness of Infrastructure Adversaries. 2021 IEEE 34th Computer Security Foundations Symposium (CSF). :1–16.
Campus Companies and network operators perform risk assessment to inform policy-making, guide infrastructure investments or to comply with security standards such as ISO 27001. Due to the size and complexity of these networks, risk assessment techniques such as attack graphs or trees describe the attacker with a finite set of rules. This characterization of the attacker can easily miss attack vectors or overstate them, potentially leading to incorrect risk estimation. In this work, we propose the first methodology to justify a rule-based attacker model. Conceptually, we add another layer of abstraction on top of the symbolic model of cryptography, which reasons about protocols and abstracts cryptographic primitives. This new layer reasons about Internet-scale networks and abstracts protocols.We show, in general, how the soundness and completeness of a rule-based model can be ensured by verifying trace properties, linking soundness to safety properties and completeness to liveness properties. We then demonstrate the approach for a recently proposed threat model that quantifies the confidentiality of email communication on the Internet, including DNS, DNSSEC, and SMTP. Using off-the-shelf protocol verification tools, we discover two flaws in their threat model. After fixing them, we show that it provides symbolic soundness.
Al-Turkistani, Hilalah F., AlFaadhel, Alaa.  2021.  Cyber Resiliency in the Context of Cloud Computing Through Cyber Risk Assessment. 2021 1st International Conference on Artificial Intelligence and Data Analytics (CAIDA). :73–78.
Cyber resiliency in Cloud computing is one of the most important capability of an enterprise network that provides continues ability to withstand and quick recovery from the adversary conditions. This capability can be measured through cybersecurity risk assessment techniques. However, cybersecurity risk management studies in cloud computing resiliency approaches are deficient. This paper proposes resilient cloud cybersecurity risk assessment tailored specifically to Dropbox with two methods: technical-based solution motivated by a cybersecurity risk assessment of cloud services, and a target personnel-based solution guided by cybersecurity-related survey among employees to identify their knowledge that qualifies them withstand to any cyberattack. The proposed work attempts to identify cloud vulnerabilities, assess threats and detect high risk components, to finally propose appropriate safeguards such as failure predicting and removing, redundancy or load balancing techniques for quick recovery and return to pre-attack state if failure happens.
Gómez, Giancarlo, Espina, Enrique, Armas-Aguirre, Jimmy, Molina, Juan Manuel Madrid.  2021.  Cybersecurity architecture functional model for cyber risk reduction in IoT based wearable devices. 2021 Congreso Internacional de Innovación y Tendencias en Ingeniería (CONIITI). :1—4.
In this paper, we propose a functional model for the implementation of devices that use the Internet of Things (IoT). In recent years, the number of devices connected to the internet per person has increased from 0.08 in 2003 to a total of 6.58 in 2020, suggesting an increase of 8,225% in 7 years. The proposal includes a functional IoT model of a cybersecurity architecture by including components to ensure compliance with the proposed controls within a cybersecurity framework to detect cyber threats in IoT-based wearable devices. The proposal focuses on reducing the number of vulnerabilities present in IoT devices since, on average, 57% of these devices are vulnerable to attacks. The model has a 3-layer structure: business, applications, and technology, where components such as policies, services and nodes are described accordingly. The validation was done through a simulated environment of a system for the control and monitoring of pregnant women using wearable devices. The results show reductions of the probability index and the impact of risks by 14.95% and 6.81% respectively.
Stan, Orly, Bitton, Ron, Ezrets, Michal, Dadon, Moran, Inokuchi, Masaki, Ohta, Yoshinobu, Yagyu, Tomohiko, Elovici, Yuval, Shabtai, Asaf.  2021.  Heuristic Approach for Countermeasure Selection Using Attack Graphs. 2021 IEEE 34th Computer Security Foundations Symposium (CSF). :1–16.
Selecting the optimal set of countermeasures to secure a network is a challenging task, since it involves various considerations and trade-offs, such as prioritizing the risks to mitigate given the mitigation costs. Previously suggested approaches are based on limited and largely manual risk assessment procedures, provide recommendations for a specific event, or don't consider the organization's constraints (e.g., limited budget). In this paper, we present an improved attack graph-based risk assessment process and apply heuristic search to select an optimal countermeasure plan for a given network and budget. The risk assessment process represents the risk in the system in such a way that incorporates the quantitative risk factors and relevant countermeasures; this allows us to assess the risk in the system under different countermeasure plans during the search, without the need to regenerate the attack graph. We also provide a detailed description of countermeasure modeling and discuss how the countermeasures can be automatically matched to the security issues discovered in the network.
Ba\c ser, Melike, Güven, Ebu Yusuf, Aydın, Muhammed Ali.  2021.  SSH and Telnet Protocols Attack Analysis Using Honeypot Technique : *Analysis of SSH AND ℡NET Honeypot. 2021 6th International Conference on Computer Science and Engineering (UBMK). :806–811.
Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called' zero-day attacks' can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker's behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers1. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.
Chandra, Nungky Awang, Putri Ratna, Anak Agung, Ramli, Kalamullah.  2020.  Development of a Cyber-Situational Awareness Model of Risk Maturity Using Fuzzy FMEA. 2020 International Workshop on Big Data and Information Security (IWBIS). :127–136.
This paper uses Endsley's situational awareness model as a starting point for creating a new cyber-security awareness model for risk maturity. This is used to model the relationship between risk management-based situational awareness and levels of maturity in making decisions to deal with potential cyber-attacks. The risk maturity related to cyber situational awareness using the fuzzy failure mode effect analysis (FMEA) method is needed as a basis for effective risk-based decision making and to measure the level of maturity in decision making using the Software Engineering Institute Capability Maturity Model Integration (SEI CMMI) approach. The novelty of this research is that it builds a model of the relationship between the level of maturity and the level of risk in cyber-situational awareness. Based on the data during the COVID-19 pandemic, there was a decrease in the number of incidents, including the following decreases: from 15-29 cases of malware attacks to 8-12 incidents, from 20-35 phishing cases to 12-15 cases and from 5-10 ransomware cases to 5-6 cases.