SHA Hailiang,ZHENG Guizhou,WANG Shengyuan,CHEN Zhong

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.10.061

2011-01-01

Computer Engineering and Applications Journal

Abstract:In order to accurately evaluate the impact to business,which is from the risk of information security,this paper provides a method based on the state changes of business activities.This method explains the impact that the state transition of information system makes the delay of business procedure when this risk is being solved,and makes the delay as a benchmark to evaluate the impact of risk to business.The business procedure delay is one of the most critical indicators.In the end,this paper proves the accuracy of this method by the analysis of example.

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

Zhi-wei YU,Ren-zhong TANG

DOI: https://doi.org/10.3785/j.issn.1008-973X.2007.08.003

2007-01-01

Abstract:A method of analyzing security objectives of business process elements (BPEs) was presented to determine the security requirements of business processes. According to the business process model, the initial security objectives of BPEs were identified based on a general classification. And the weighting coefficients of the security objectives of activities were affirmed by calculating the in-degree and out-degree of activities. The consistency checking rules and revising principles were brought forward to check and modify the security objectives, the final security objectives of BPEs were obtained. A case study showed that the proposed method could be used to get the security objectives of BPEs objectively.

Shi Jian,Guo Shanqing,Xie Li

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.01.034

2006-01-01

Abstract:Risk assessment is critical to establishing an effective Information Security Management System and it is the foundation of information system security systematism.After introducing information security risk assessment briefly,this paper provides a real-time risk assessment method using qualitative and quantitative assessment synthetically.By analyzing the assets,vulnerabilities and threats of information system,this method can evaluate the risk of the system in real time with the events produced by security devices.

CHEN Wei-hua,JIANG Quan-yuan,CAO Yi-jia,HAN Zhen-xiang

DOI: https://doi.org/10.3321/j.issn:1000-3673.2005.04.004

2005-01-01

Abstract:Based on probability theory the risk theory was applied to the vulnerability assessment of power system. Here, the power system was defined as a vulnerable system and a set of risk indices to assess the power system vulnerability and corresponding algorithm were built, thus the defects of traditional determinsistic security assessment method, which cannot satisfy the requirement of electricity market and complicated power grid, could be overcome. On this basis, a risk theory and risk indices based power system vulnerability assessment software was developed. Taking the New England test system for example, the effectiveness and advanced property of the presented method were proved.

Jing-chang WANG,Gen-cai CHEN

DOI: https://doi.org/10.3969/j.issn.1671-7147.2005.02.008

2005-01-01

Abstract:There are a lot of risks in the software developing process. To control the risk, the sorts of risk are defined from the software development and project management. The paper presents four main parts of risk identification and risk analysis. The risks during software development process and possible solutions are analyzed while the risk quantity method, parameter model and experience data are presented. According to these risk identification methods and every phase situation of software development, the strategy of risk control is proposed. About eighty percent risk can be identified and controlled in the statistic application.

DING Li-jie,CHEN Wei-hua,BAO Zhe-jing

2009-01-01

Abstract:To ensure the static security of the power system,which is one of the key factors in power system operation,a method of risk assessment and preventive control was proposed based on the risk of line overload and voltage exceeding.In this method,the probabilistic power flow(PPT) and cumulant method were used to analyze the randomness of system statuses,and the severity function was applied to describing the impact and outcome of line overhead and voltage exceeding.Moreover,the product of probability and severity of line overload and voltage exceeding was defined as the risk index of the system.Finally,a preventive control model for static security,based on optimal power flow and particle swarm optimization method,was developed and used to optimize the outputs of the system active and reactive resources,which reduced the risks of overload and voltage exceeding and increased system security.The method was proved effective through testing.

Zhengong Cai,Xiaohu Yang,Xinyu Wang

DOI: https://doi.org/10.1109/ICSM.2009.5306291

2009-01-01

Abstract:Understanding business processes is an important step for software maintenance. The approaches for recovering business processes are mostly based on source code analysis, including static analysis and dynamic analysis. All these methods are proved to be effective in some specific situations. However, they are challenged when facing enterprise legacy systems which implement complex business processes triggered by the external actors. In this paper, we introduce a new business process recovery approach that combines the requirement reacquisition with dynamic and static program analysis methods. The approach has been applied to the maintenance of an equity trading system to prove its efficiency.

LIU Sen-sen,CHEN Wei-hua,JIANG Quan-yuan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.03.036

2009-01-01

Abstract:The risk theory was applied to static security analysis of power system,and a power system risk model with obvious parallel processing was built.A novel parallel processing approach of risk assessment of power system was presented based on the parallel model.The approach was implemented by PC cluster.In the implementation of specific parallel computing,the PC cluster technology was used.The New England 10-machine 39-node system was used to verify power system static security risk assessment methodology based on parallel computing.System's N-1 breaking accidents were used as the system's expected accident set.The risk of line power overload and that of bus low voltage were used as the two risk indicators to describe static security.The performance of parallel computing algorithm based on indicators and that of parallel computing algorithm based on static incidents allocation were compared.

刘新东,江全元,曹一家,陈为化

DOI: https://doi.org/10.3969/j.issn.1006-6047.2009.02.004

2009-01-01

Abstract:Based on probability theory,risk theory and fuzzy reasoning are applied to the transient security risk assessment of power system.Quantified risk indices are achieved by using specified severity function to quantify the maximal offsets of frequency and voltage and the margins of angle rotor stability and fault clearing time.The quantified frequency and voltage risk index are used to calculate the steady index by the steady fuzzy controller while the quantified margins of angle rotor stability and fault clearing time are used to calculate the transient index by the transient fuzzy controller.The system transient stability index is calculated by the weighted integration of steady index and transient index.Based on it,the software of transient security risk assessment is developed.Case study of risk indices calculation for a permanent three-phase grounding fault of New England 39-bus test system shows its effectiveness and rationality.

Hui Guan,Weiru Chen,Lin Liu,Hongji Yang

2012-01-01

Abstract:Risk assessment has been getting increased attention as the new vulnerabilities and threats are emerging on daily basis. The popularity and complexity of web application present challenges to the security implementation for web engineering. It is well known that the earlier to perform risk assessment for software, the less cost needed to mitigate the security risks. However, quantitative estimation of security in the earlier stage of software development life cycle is largely missing. In this paper, we propose a quantitative approach to perform risk assessment at design stage for web application which is based on multiple security vectors of asset, threat and vulnerability. An environment-driven method is proposed to elicit threats to the system. In the end, the risk assessment methodology is applied on a customer goods case study.

Xuesong Huo,Ming Zhang,Hongqin Zhu,Wei Li

DOI: https://doi.org/10.1109/cbd54617.2021.00052

2021-01-01

Abstract:At present, most of the security situation assessment methods for the power monitoring system only consider the network factors, ignore the security factors inside the system, and the weight distribution of assessment indicators is subjective. This paper analyzes the security factors affecting the power monitoring system, and gives the security situation assessment indicator system of the power monitoring system. On this basis, the security situation of each equipment is assessed based on Support Vector Regression, and the weight is calculated according to the importance of the security area division of the power monitoring system where different equipment is located. Finally, the overall security situation of the power monitoring system is comprehensively evaluated through weighted summation. On the one hand, it can improve the accuracy, the flexibility and the expansibility of the security situation assessment for the power monitoring system. On the other hand, it can also trace the source of security problems in the power monitoring system, which is convenient for managers to isolate risks quickly and efficiently or take defense strategies.

Luo Cong,Yunsheng Zhao,Ke Xu

DOI: https://doi.org/10.1016/j.cjche.2023.12.014

IF: 3.8

2024-01-01

Chinese Journal of Chemical Engineering

Abstract:The technological revolution has spawned a new generation of industrial systems, but it has also put forward higher requirements for safety management accuracy, timeliness, and systematicness. Risk assessment needs to evolve to address the existing and future challenges by considering the new demands and advancements in safety management. The study aims to propose a systematic and comprehensive risk assessment method to meet the needs of process system safety management. The methodology first incorporates possibility, severity, and dynamicity (PSD) to structure the “51X” evaluation indicator system, including the inherent, management, and disturbance risk factors. Subsequently, the four-tier (risk point-unit-enterprise-region) risk assessment (RA) mathematical model has been established to consider supervision needs. And in final, the application of the PSD-RA method in ammonia refrigeration workshop cases and safety risk monitoring systems is presented to illustrate the feasibility and effectiveness of the proposed PSD-RA method in safety management. The findings show that the PSD-RA method can be well integrated with the needs of safety work informatization, which is also helpful for implementing the enterprise’s safety work responsibility and the government’s safety supervision responsibility.

engineering, chemical

CUI Jianlei,WEN Yunfeng,GUO Chuangxin,WANG Yue,SHENG Kun,HUANG Lianggang

DOI: https://doi.org/10.7500/aeps201206265

2013-01-01

Abstract:This paper presents a detailed description of implementing the risk assessment function module for the power system security risk management system(SRMS).First,a risk index hierarchy for violation driven risk indexes and event driven risk indexes combined is proposed.Then the calculating process of risk indexes and their application strategies for time dimension and spatial dimension are elaborated,respectively.Finally,numerical results of risk assessment in Hunan power system are given.

WANG Wei,LI Chun-ping,LI Jian-bin

DOI: https://doi.org/10.16208/j.issn1000-7024.2007.14.060

2007-01-01

Abstract:Safe field in the information,the risk assessment is foundation and premises that builds up the safe system of the information system,but the risk assessment method rises to the usefulness of the assessment prominent function.The risk assessment method contain a lot of kinds,each method have it the place of the shortage.The risk assessment method adopted threat tree model and analytical hierarchy process that method combine together,made use of two kinds of vantages that assessment method,made up the shortage of the one risk assessment method,the aim is search into a kind of more valid,more reasonable and more accurate risk assessment method.

Qi Wang,Bangfeng Zong,Yong Lin,Zhuangzhuang Li,Xv Luo

DOI: https://doi.org/10.4018/joeuc.326934

2023-07-28

Journal of Organizational and End User Computing

Abstract:With the development of digitalization and Internet technology, enterprise information security is facing more and more challenges. Many enterprises have begun to adopt big data (BD) and artificial intelligence (AI) technology for risk assessment (RA) and prediction to effectively manage information security risks. This article discusses the application of BD and AI technology in enterprise information security management (ISM) and RA from two aspects. Firstly, the mobile payment signature scheme based on number theory research unit is used to improve the security of the mobile payment system. This scheme uses lattice algorithms to achieve fast key generation, signing, and verification and can resist traditional cryptographic attacks. Secondly, a set of enterprise ISM and RA system is established, including risk identification, RA, monitoring and early warning, emergency response, and other links. BD and AI technology is used to analyze internal and external data to provide accurate RA results to achieve automated RA.

information science & library science,management,computer science, information systems

Huifeng Li,Tiecheng Li,Qigui Yao,Weixun Li,Libo Yang,Guanghui Sun

DOI: https://doi.org/10.1088/1742-6596/2137/1/012023

2021-01-01

Journal of Physics Conference Series

Abstract:The security threat of power monitoring system is increasing, it is valuable to carry out effective risk assessment, which helps to find the security threats of the system in time, then carry out security management and avoid disasters. This paper presents a risk assessment method of power monitoring system based on Fuzzy Analytic Hierarchy Process (FAHP) and CVSS. Firstly, Considering the structure and security requirements of power monitoring system, the analytic hierarchy process (AHP) model is established, and CVSS is used to quantify the evaluation indicators. Then, the fuzzy consistent judgment matrix is constructed by using the results of index quantification by using AHP and fuzzy comprehensive evaluation theory, and the power monitoring system is comprehensively evaluated from the bottom to the top. Finally, the risk evaluation value and safety level of the system are obtained. The example shows that the method can effectively overcome the difficulty of AHP in checking the consistency of judgment matrix, and can effectively quantify the system risk, and provide reference and basis for risk management decision-making of power monitoring system.

Yong Zhang,Xiaobin Tan,Hongsheng Xi,Xin Zhao

DOI: https://doi.org/10.1109/wcica.2008.4593320

2008-01-01

Abstract:Real-time risk assessment, forecasting risk trend and dynamic risk management are main contents of the real-time risk management. It is a new research field of information security technology. This paper proposes a novel approach to real-time risk management framework. The framework consists of real-time risk assessment, risk prediction and dynamic risk management. The real-time risk assessment module adopts a multi-perspective evaluation model and it uses the description of system assets, security attacks, vulnerabilities and security services to assess the current risk. The risk prediction module studies the changes of risk and forecasts the future risk with time series model. Risk monitor and security strategy implement dynamic risk management. Risk monitor module monitors the system current risk and its trend. According to the relationship between future risk and risk threshold, it supervises security strategy module to dynamically adjust system security strategy. Security strategy module implements various security strategies and schemas. Simulation results show that the framework is suitable and efficient

Joachim Draeger,Stefan Hahndel

DOI: https://doi.org/10.48550/arXiv.1709.00567

2017-09-02

Systems and Control

Abstract:The manifold interactions between safety and security aspects makes it plausible to handle safety and security risks in an unified way. The paper develops a corresponding approach based on the discrete event systems (DEVS) paradigm. The simulation-based calculation of an individual system evolution path provides the contribution of this special path of dynamics to the overall risk of running the system. Accidentally and intentionally caused failures are distinguished by the way, in which the risk contributions of the various evolution paths are aggregated to the overall risk. The consistency of the proposed risk assessment method with 'traditional' notions of risk shows its plausibility. Its non-computability, on the other hand, makes the proposed risk assessment better suitable to the IT security domain than other concepts of risk developed for both safety and security. Power grids are discussed as an application example and demonstrates some of the advantages of the proposed method.

Wenmin Zhu,Yuanhua Jia

DOI: https://doi.org/10.1088/1755-1315/108/4/042067

2018-01-01

IOP Conference Series: Earth and Environmental Science

Abstract:Based on the risk management theory and the PDCA cycle model, requirements of the railway passenger transport safety production is analyzed, and the establishment of the security risk assessment team is proposed to manage risk by FTA with Delphi from both qualitative and quantitative aspects. The safety production committee is also established to accomplish performance appraisal, which is for further ensuring the correctness of risk management results, optimizing the safety management business processes and improving risk management capabilities. The basic framework and risk information database of risk management information system of railway passenger transport safety are designed by Ajax, Web Services and SQL technologies. The system realizes functions about risk management, performance appraisal and data management, and provides an efficient and convenient information management platform for railway passenger safety manager.