Information Security Risk Assessment

Kuzminykh, Ievgeniia; Ghita, Bogdan; Sokolov, Volodymyr; Bakhshi, Taimur

doi:10.3390/encyclopedia1030050

Cited by 29 publications

(30 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The main focus of the qualitative risk assessment is the likelihood of an event rather than its statistical probability. These likelihoods are derived from analyzing the threats and vulnerabilities and then generating a qualitative value for the asset or assets that may be affected [25]. In this research, we chose OWASP risk rating methodology to provide a risk-based level challenge by determining the severity rating of each challenge that is classified into 3 levels which are medium, high, and critical.…”

Section: Originalitymentioning

confidence: 99%

Web Application Security Education Platform Based on OWASP API Security Project

Idris

Syarif

Winarno

2022

EMITTER Int'l J. of Engin. Technol.

View full text Add to dashboard Cite

The trend of API-based systems in web applications in the last few years keeps steadily growing. API allows web applications to interact with external systems to enable business-to-business or system-to-system integration which leads to multiple application innovations. However, this trend also comes with a different surface of security problems that can harm not only web applications, but also mobile and IoT applications. This research proposed a web application security education platform which is focused on the OWASP API security project. This platform provides different security risks such as excessive data exposure, lack of resources and rate-limiting, mass assignment, and improper asset management which cannot be found in monolithic security learning application like DVWA, WebGoat, and Multillidae II. The development also applies several methodologies such as Capture-The-Flag (CTF) learning model, vulnerability assessment, and container virtualization. Based on our experiment, we are successfully providing 10 API vulnerability challenges to the platform with 3 different levels of severity risk rating which can be exploited using tools like Burp Suite, SQLMap, and JWTCat. In the end, based on our performance experiment, all of the containers on the platform can be deployed in approximately 16 seconds with minimum storage resource and able to serve up to 1000 concurrent users with the average throughput of 50.58 requests per second, 96.35% successful requests, and 15.94s response time.

show abstract

Section: Originalitymentioning

confidence: 99%

Web Application Security Education Platform Based on OWASP API Security Project

Idris

Syarif

Winarno

2022

EMITTER Int'l J. of Engin. Technol.

View full text Add to dashboard Cite

show abstract

“…In most cases, the assessment input data are utilized to acquire information concerning undesirable or unexpected occurrences that might threaten information security. Nevertheless, a common absence of sufficient statistics diminishes the relevance and precision of the outcome [1].…”

Section: Dmentioning

confidence: 99%

“…The qualitative technique is popular since it uses a simple scale with three risk assessment levels (low, medium, and high). Interviews with experts might be used for assessment [1]. Large companies and cities benefit the most from qualitative risk analysis using scenario models.…”

Section: Dmentioning

confidence: 99%

“…In addition to comparing quantitative and qualitative-qualitative models, previous studies have been conducted to compare professional organisation frameworks [38]. In these comparative studies, researchers considered vulnerabilities, threats, assets, and countermeasures for security hazards [1]. For future research, qualitative models are the potential to be compared.…”

Section: Bmentioning

confidence: 99%

“…The aim is to assess the severity of a particular threat and its possible consequences. A hazard needs immediate precautionary measures because this poses the highest risk [1].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Information Security Risk Assessment (ISRA): A Systematic Literature Review

Devi

Sensuse

Kautsarina

et al. 2022

J. Inf. Syst. Eng. Bus. Intell.

View full text Add to dashboard Cite

Background: Information security is essential for organisations, hence the risk assessment. Information security risk assessment (ISRA) identifies, assesses, and prioritizes risks according to organisational goals. Previous studies have analysed and discussed information security risk assessment. Therefore, it is necessary to understand the models more systematically. Objective: This study aims to determine types of ISRA and fill a gap in literature review research by categorizing existing frameworks, models, and methods. Methods: The systematic literature review (SLR) approach developed by Kitchenham is applied in this research. A total of 25 studies were selected, classified, and analysed according to defined criteria. Results: Most selected studies focus on implementing and developing new models for risk assessment. In addition, most are related to information systems in general. Conclusion: The findings show that there is no single best framework or model because the best framework needs to be tailored according to organisational goals. Previous researchers have developed several new ISRA models, but empirical evaluation research is needed. Future research needs to develop more robust models for risk assessments for cloud computing systems. Keywords: Information Security Risk Assessment, ISRA, Security Risk

show abstract

Adaptive Neural Network Filtering for Operational Assessment of Critical Resource Security

Kotenko,

Parashchuk

2024

Studies in Systems, Decision and Control

View full text Add to dashboard Cite

Information Security Risk Assessment

Cited by 29 publications

References 29 publications

Web Application Security Education Platform Based on OWASP API Security Project

Web Application Security Education Platform Based on OWASP API Security Project

Information Security Risk Assessment (ISRA): A Systematic Literature Review

Adaptive Neural Network Filtering for Operational Assessment of Critical Resource Security

Contact Info

Product

Resources

About