96,478 research outputs found
Estimating ToE Risk Level using CVSS
Security management is about calculated risk and requires continuous evaluation to ensure cost, time and resource effectiveness. Parts of which is to make future-oriented, cost-benefit investments in security. Security investments must adhere to healthy business principles where both security and financial aspects play an important role. Information on the current and potential risk level is essential to successfully trade-off security and financial aspects. Risk level is the combination of the frequency and impact of a potential unwanted event, often referred to as a security threat or misuse. The paper presents a risk level estimation model that derives risk level as a conditional probability over frequency and impact estimates. The frequency and impact estimates are derived from a set of attributes specified in the Common Vulnerability Scoring System (CVSS). The model works on the level of vulnerabilities (just as the CVSS) and is able to compose vulnerabilities into service levels. The service levels define the potential risk levels and are modelled as a Markov process, which are then used to predict the risk level at a particular time
Recommended from our members
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Evaluating cost taxonomies for information systems management
The consideration of costs, benefits and risks underpin many Information System (IS) evaluation decisions. Yet, vendors
and project-champions alike tend to identify and focus much of their effort on the benefits achievable from the
adoption of new technology, as it is often not in the interest of key stakeholders to spend too much time considering
the wider cost and risk implications of enterprise-wide technology adoptions. In identifying a void in the literature, the
authors of the paper present a critical analysis of IS-cost taxonomies. In doing so, the authors establish that such cost
taxonomies tend to be esoteric and difficult to operationalize, as they lack specifics in detail. Therefore, in developing a
deeper understanding of IS-related costs, the authors position the need to identify, control and reduce IS-related costs
within the information systems evaluation domain, through culminating and then synthesizing the literature into a
frame of reference that supports the evaluation of information systems through a deeper understanding of IS-cost taxonomies.
The paper then concludes by emphasizing that the total costs associated with IS-adoption can only be determined
after having considered the multi-faceted dimensions of information system investments
Recommended from our members
Business model requirements and challenges in the mobile telecommunication sector
The telecommunications business is undergoing a critical revolution, driven by innovative technologies, globalization, and deregulation. Cellular networks and telecommunications bring radical changes to the way telecom businesses are conducted. Globalization, on the other hand, is tearing down legacy barriers and forcing monopolistic national carriers to compete internationally. Moreover, the noticeable progress of many countries towards deregulation coupled with liberalization is significantly increasing telecom market power and allowing severe competition. The implications of this transition have changed the business rules of the telecom industry. In addition, entrants into the cellular industry have had severe difficulties due to inexistent or weak Business Models (BMs). Designing a BM for a mobile network operator is complex and requires multiple actors to balance different and often conflicting design requirements. Hence, there is a need to enhance operatorsâ ability in determining what constitutes the most viable business model to meet their strategic objectives within this turbulent environment. In this paper, the authors identify the main mobile BM dimensions along with their interdependencies and further analysis provides mobile network operators with insights to improve their business models in this new âboundary-lessâ landscape
Recommended from our members
Energy Information Systems: From the Basement to the Boardroom
A significant buildings energy reduction opportunity exists in the office sector, given that this market segment typically is an early adopter of new technology. There is a rising trend towards smart and connected offices through the internet of things (IoT) that provides new opportunities for operational efficiency and environmental sustainability practices. Leading commercial real estate companies have begun to shift from individual building automation systems (BAS) to partially integrated and automated systems such as energy information systems (EIS). In both the United States and India, organizations are seeking operational excellence, enhanced tenant relationships, and topline growth. Hence it is imperative to engage the executives with decision-making power, by tapping into their interest in sustainability, corporate social responsibility, and innovation. This expansion of interest can enable data-driven decisions, strong energy investments, and deeper energy benefits, and would drive innovation in this field. However, none of this would be possible without robust, consistent building energy information to provide visibility across all the levels of decision making, i.e. from the basement where the facilities staff take operational action to the boardroom where the executives make investment decisions.
Price, security, and ease of use remain barriers to the adoption and pervasive use of promising EIS technologies in commercial office buildings. We believe that these barriers can be addressed through the development of ready, simplified, consistent, commercially available, low-cost EIS-in-a-box packages, that have a pre-defined set of hardware components and software features and functionality that are pertinent to a particular building sector. These simplified, sector-specific EIS packages can help to obviate the need for customization, and enhance ease of use, thereby enabling scale-up, in order to facilitate building energy savings. The EIS-in-a-box are adaptable in both U.S. and Indian office buildings, and potentially beyond these two countries
Big Data and the Internet of Things
Advances in sensing and computing capabilities are making it possible to
embed increasing computing power in small devices. This has enabled the sensing
devices not just to passively capture data at very high resolution but also to
take sophisticated actions in response. Combined with advances in
communication, this is resulting in an ecosystem of highly interconnected
devices referred to as the Internet of Things - IoT. In conjunction, the
advances in machine learning have allowed building models on this ever
increasing amounts of data. Consequently, devices all the way from heavy assets
such as aircraft engines to wearables such as health monitors can all now not
only generate massive amounts of data but can draw back on aggregate analytics
to "improve" their performance over time. Big data analytics has been
identified as a key enabler for the IoT. In this chapter, we discuss various
avenues of the IoT where big data analytics either is already making a
significant impact or is on the cusp of doing so. We also discuss social
implications and areas of concern.Comment: 33 pages. draft of upcoming book chapter in Japkowicz and Stefanowski
(eds.) Big Data Analysis: New algorithms for a new society, Springer Series
on Studies in Big Data, to appea
Virtual Integration Platforms (VIP) âA Concept for Integrated and Interdisciplinary Air Transportation Research and Assessment
The paper descibes a new methodology for a holistic development of air transportation concepts. The Virtual Integration Plattform (VIP) concept is based on an IT tool chain as well as human collaborative methods to deal with complex systems. As a result the definitions of future air transportation concepts for short range "Quiet and Clean", long range "Comfortable and Clean" and individual transport "Fast and Flexible" are presente
- âŚ