A Weighted Monte Carlo Simulation Approach to Risk Assessment of Information Security Management System

Dehghanimohammadabadi, Mohammad; Bamakan, Seyed Mojtaba Hosseini

doi:10.4018/ijeis.2015100103

Cited by 18 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…, then" rules. The method for assessing the critical threats, assets and vulnerabilities OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a methodology based on strategic risk assessment (Bamakan and Dehghanimohammadabadi, 2015).…”

Section: Literature Review Of Methods For Risk Assessmentmentioning

confidence: 99%

Information Security Risk Assessment in Critical Infrastructure: A Hybrid MCDM Approach

et al. 2019

View full text Add to dashboard Cite

The risk analysis has always been one of the essential procedures for any areas. The majority of security incidents occur because of ignoring risks or their inaccurate assessment. It is especially dangerous for critical infrastructures. Thus, the article is devoted to the description of the developed model of risk assessment for the essential infrastructures. The goal of the model is to provide a reliable method for multifaceted risk assessment of information infrastructure. The purpose of the article is to present a developed model based on integrated MCDM approaches that allow to correctly assess the risks of the critical information infrastructures.

show abstract

Section: Literature Review Of Methods For Risk Assessmentmentioning

confidence: 99%

Information Security Risk Assessment in Critical Infrastructure: A Hybrid MCDM Approach

et al. 2019

View full text Add to dashboard Cite

show abstract

“…These parameters play a central role in the generic TVC methodology (Washington, 2009), which underlies many existing security risk assessment frameworks, and is used to manage risks in a wide range of organizations. Security risk assessment is also done by methods based on game theory (Brown, Sinha, Schlenker, & Tambe, 2016;Farraj, Hammad, Al Daoud, & Kundur, 2016;Pita et al, 2008), graph theory (Schneier, 1999), the bowtie method (de Ruijter & Guldenmund, 2016), probabilistic tools (Bamakan & Dehghanimohammadabadi, 2015;Chawdhry, 2009) and red-teaming, i.e., real-life simulation of a threat scenario.…”

Section: Measuring Airport Security Checkpoint Performancementioning

confidence: 99%

Analyzing airport security checkpoint performance using cognitive agent models

Knol

Sharpanskykh

Janssen

2019

Journal of Air Transport Management

View full text Add to dashboard Cite

Modern airports operate under high demands and pressures, and strive to satisfy many diverse, interrelated, sometimes conflicting performance goals. Airport performance areas, such as security, safety, and efficiency are usually studied separately from each other. However, operational decisions made by airport managers often impact several areas simultaneously. Current knowledge on how different performance areas are related to each other is limited. This paper contributes to filling this gap by identifying and quantifying relations and trade-offs between the detection performance of illegal items and the average queuing time at airport security checkpoints. These relations and trade-offs were analyzed by simulations with a cognitive agent model of airport security checkpoint operations. By simulation analysis a security checkpoint performance curve with three different regions was identified. Furthermore, the importance of focus on accuracy for a security operator is shown. The results of the simulation studies were related to empirical research at an existing regional airport.

show abstract

“…The tool utilises Monte Carlo method to support evidence-based risk assessment and management, in furtherance of justifying appropriate countermeasures. The work in [35] presents a different approach to information security assessment based on analytic hierarchy process (AHP) and Monte Carlo simulation. In particular, the approach applies weight elements to the confidentiality, integrity and availability of information assets in order to improve the accuracy of results.…”

Section: Related Workmentioning

confidence: 99%

Towards effective cybersecurity resource allocation: the Monte Carlo predictive modelling approach

Fagade

Maraslis

Tryfonas

2017

IJCIS

View full text Add to dashboard Cite

Organisations invest in technical and procedural capabilities to ensure the confidentiality, integrity and availability of information assets and sustain business continuity at all times. However, given growing productive assets and limited protective security budgets, there is a need for deliberate evaluation of information security investment. Optimal resource allocation to security is often affected by intrinsically uncertain variables and associated factors like technical, economical and psychological; therefore, security expenditure is a crucial resource allocation decision. In spite of that, security managers and business owners are often incentivised by different drivers on whether to allocate optimal resources to cyber-specific security protective assets or other business productive assets. Hence, there is a disparity of opinion in resource allocation decisions. We explored how Monte Carlo predictive simulation model can be used within the context of Information Technology to reduce these disparities. Using a conceptual enterprise as a case study and verifiable historical cost of security breaches as parametric values, our model shows why using conventional risk assessment approach as budgeting process can result in significant over/under allocation of resources for cyber capabilities. Our model can serve as a benchmark for policy and decision support to aid stakeholders in optimising resource allocation for cyber security investments.

show abstract

A Weighted Monte Carlo Simulation Approach to Risk Assessment of Information Security Management System

Cited by 18 publications

References 25 publications

Information Security Risk Assessment in Critical Infrastructure: A Hybrid MCDM Approach

Information Security Risk Assessment in Critical Infrastructure: A Hybrid MCDM Approach

Analyzing airport security checkpoint performance using cognitive agent models

Towards effective cybersecurity resource allocation: the Monte Carlo predictive modelling approach

Contact Info

Product

Resources

About