Risk Assessment Model of Information Security for Transportation Industry System Based on Risk Matrix

Zhao, Xiangmo; Ming, Dai; Ren, Shan; Li, Luyao; Duan, Zhenhai

doi:10.12785/amis/080345

Cited by 3 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Borda method is also developed to improve risk matrix precision, although this effort cannot eliminate risk ties completely [13]. There are also some proposed risk calculation algorithm to improve objectivity of assessment process [14]. All of these developments are relied on the original published risk matrix where matrix dimension is limited to two dimension and for many cases this limitation create inflexibility in risk assessment problem and requirements [10].…”

Section: Related Workmentioning

confidence: 99%

“…In Bayesian conditional probability, a prior opportunity represents a trust distribution reflecting the amount of initial trust of agents contributing to the hypothesis of an event [23]. In general, to calculate this probability value we refer to GB/T 20984-2007 [14,24]. The detail of calculation of probability of risk factor and risk profile can be derived in the following steps.…”

Section: Probability Modelmentioning

confidence: 99%

“…To calculate each likelihood and impact of each threat, we refer to [14]. Likelihood of threat risk (𝑓 1 ) is a function of threat and vulnerability, while impact of threat risk (𝑓 2 ) is a function of asset and vulnerability [14]. To calculate (𝑓 1 ), we are using formula and weight (notation 𝛼 and 𝛽) from [14] as in (7).…”

Section: ) Probability Of Threat Risk Calculationmentioning

confidence: 99%

See 2 more Smart Citations

Risk assessment of information production using extended risk matrix approach

Sembiring¹,

Wiharni²

2019

TELKOMNIKA

View full text Add to dashboard Cite

In many cases poor information quality appears mainly due to in-effectiveness of information management including information production and delivery. Where this situation poses a certain risk. A holistic information risk management model has been previously proposed. But the model has some limitations especially on risk calculation and risk priority ranking as the model does not consider existing control effectiveness. In this paper, a new risk assessment method is proposed in order to improve the model of total impact of risks and to improve the accuracy of risk priority ranking by modifying the extended risk matrix approach (RMA) where we take into account the existing control effectiveness. Using our approach by adding a new dimension on extended RMA. We are able to improve the accuracy (7.15%) and reduced the ambiguity (1.34) of assessment results on real cases illustration.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Probability Modelmentioning

confidence: 99%

Section: ) Probability Of Threat Risk Calculationmentioning

confidence: 99%

See 1 more Smart Citation

Risk assessment of information production using extended risk matrix approach

Sembiring¹,

Wiharni²

2019

TELKOMNIKA

View full text Add to dashboard Cite

show abstract

“…For instance, E-government [14], supply chain management [15], E-health [16], E-science [17], student performance [18], chlorine processing system [19], transportation industry [20], power systems [21], cloud computing [22][23][24][25], mobile applications [26] and so on. The development of ISRA in these industries illustrates that ISRA is becoming increasingly important not only traditional industries, but also other emerging domains such as mobile and cloud computing.…”

Section: General Statistical Descriptionsmentioning

confidence: 99%

“…For instance, Karaba-cak and Sogukpinar apply the real-life statistical data of a survey as input data to analyse risks properly [38]. Moreover, three papers [20,36,42] adopt the expert's assessment as the input data and then use the AHP or fuzzy theory to reduce the subjectivity of these input data.…”

Section: Risk Analysis-improvementmentioning

confidence: 99%

A systematic review of information security risk assessment

Pan¹,

Tomlinson²

2016

Int. J. SAFE

View full text Add to dashboard Cite

Many standards exist to guide the process of risk assessment, particularly in the field of information security. This leads to many, subtly different, definitions of risk analysis, evaluation and assessment. Consequently, researchers often confuse these terms and disciplines, which leads to further confusion within the community. In this sense, it is important to come to a common understanding of the processes and terminology to clarify research in this area. A common approach to achieve this goal is to carry out a literature review. This paper takes a formal approach to the literature review based on the ideas of the Cochrane group. The result is a systematic review of risk assessment in the field of information security. We present a systematic review of over 80 research papers published between 2004 and 2014. The main contribution of our paper is to construct a classification of these published papers into seven types. This classification aims to help researchers obtain a clear and unbiased picture of the terminology, developments and trends of information security risk assessment in the academic sector. [6] present a conceptual framework of comparisons among well-documented ISRA guidelines including NIST 800-30, OCTAVE and ISRAM. Other authors are interested in the improvement of current risk analysis approaches by applying fuzzy theory [7,8] and AHP (Analytic Hierarchy Process) theory [9,10].However, to our knowledge, there has been no systematic overview of the ISRA research to analyse the emphasis of the work and the direction of future research. Consequently, this paper will apply the methodology of systematic review not only to summarize the related research papers, but also to present a classified framework of these papers. In order to not to confuse the phrases of risk analysis, risk assessment and risk evaluation, we will use their definitions from ISO 27005 in our systematic review. The aim of the classification framework is to help researchers obtain a clear picture about the research areas. According to this classification, researchers can find some study entry points in this sector. Researchers may also learn the advanced ISRA methods and find the connections between organizational level and academic level from this systematic review.

show abstract

A risk assessment tool for improving safety standards and emergency management in Italian onshore wind farms

Garcia

Bruschi

2016

Sustainable Energy Technologies and Assessments

View full text Add to dashboard Cite

Risk Assessment Model of Information Security for Transportation Industry System Based on Risk Matrix

Cited by 3 publications

References 9 publications

Risk assessment of information production using extended risk matrix approach

Risk assessment of information production using extended risk matrix approach

A systematic review of information security risk assessment

A risk assessment tool for improving safety standards and emergency management in Italian onshore wind farms

Contact Info

Product

Resources

About