
    Applying Real Options Thinking to Information Security in Networked Organizations

    An information security strategy of an organization participating in a networked business sets out the plans for designing a variety of actions that ensure confidentiality, availability, and integrity of the company’s key information assets. The actions are concerned with authentication and nonrepudiation of authorized users of these assets. We assume that the primary objective of security efforts in a company is improving and sustaining resiliency, which means security contributes to the ability of an organization to withstand discontinuities and disruptive events, to get back to its normal operating state, and to adapt to ever-changing risk environments. When companies collaborating in a value web view security as a business issue, risk assessment and cost-benefit analysis techniques are a necessary and explicit part of their process of resource allocation and budgeting, no matter whether security spending is treated as capital investment or operating expenditure. This paper contributes to the application of quantitative approaches to assessing risks, costs, and benefits associated with the various components making up the security strategy of a company participating in value networks. We take a risk-based approach to determining what types of security a strategy should include and how much of each type is enough. We adopt a real-options-based perspective of security and make a proposal to value the extent to which alternative components in a security strategy contribute to organizational resiliency and protect key information assets from being impeded, disrupted, or destroyed.

    Cybersecurity Risk Analysis of Industrial Automation Systems on the Basis of Cognitive Modeling Technology

    The issue of ensuring the cybersecurity of modern industrial systems and networks is becoming especially urgent because of the imperfection of their protection tools and the presence of vulnerabilities. The international standards ISA/IEC 62443 offer a systematic, risk-oriented approach to providing the security of industrial control systems (ICS) at all stages of the life cycle. But in view of the high uncertainty and complexity of formalizing the factors affecting the final indices of system security, the problem of cybersecurity risk assessment remains open and requires applying new approaches based on the technology of data mining and cognitive modeling. Cognitive modeling of risk assessment using fuzzy grey cognitive maps (FGCM) allows us to take into account the uncertainty factor arising in the process of vulnerability probability assessment for each of the security nodes. The interval estimates of FGCM connection weights can reflect the scatter of expert group opinions, which allows us to take into account more completely the data available for risk analysis. The main stages of ICS security assessment with the use of FGCM are analyzed in the chapter using the example of a distributed industrial automation network. Recommendations are considered concerning the choice of the necessary countermeasures for improving the level of network security under possible external and internal threats.

    Increasing Distributed IT&C Application Security

    The development of distributed IT&C applications (DIA) is presented alongside their main characteristics, and the actors involved in activities throughout their lifecycle are identified within that scope. Aspects pertaining to security risks, as well as methods of enhancing security, are detailed by DIA architectural features. The analysis includes risk elements, vulnerabilities, means of enhancing the behavior of the system, as well as a hierarchical feature dependency model based on a qualitative assessment of DIA security features, obtained through an inquiry into the common means of protection used by Romanian professionals, as well as their prioritization in the context of limited resources. A graph-based model of feature interactions is built. The last section deals with the ways of improving risk detection methods, as derived from the answers and features presented.

    An Energy Community for Territorial Resilience: Measurement of the Risk of an Energy Supply Blackout

    The Clean Energy Package is aimed at making the energy transition recommended by the European Union more competitive. Such an energy transition can be achieved through a variety of measures aimed at improving the security, sustainability and competitiveness of energy supply systems. These measures include the introduction of physical and regulatory infrastructures that are adequate to satisfy the energy market requirements, integrate renewable energies and ensure security of the energy supply. A risk-based approach is generally suggested for the electricity sector to prevent and manage electricity problems. A risk-based methodology is proposed in this work, and an assessment has been made of the first “oil free zone” in the North-West of Italy, which is located in the Pinerolo area (near Turin). A quantitative risk analysis method was conducted considering the risk of blackouts on the national electricity grid, the probability of such occurrences, the extent of damage and the risk of exposure. The risk assessment was applied through a place-based approach, considering different types of stakeholders: private and public consumers, producers and prosumers. The risks of the analysed case study were then compared with their tolerability limits and assessed for different scenarios to reduce the risk of energy supply blackouts, including: a reduced energy consumption, an increased energy production, and an optimised energy supply and demand. The possibility of establishing an energy community was considered in the latter scenario. The results show that all the actions taken to reduce the risk of energy supply blackouts produce different results, depending on the considered user. All the stakeholders can benefit from participation in the energy community, not only from an environmental point of view, through the production of energy from renewable sources, but also from an economic one. These results are in line with what the European Community and the Italian “Integrated National Plan for Energy and Climate” currently require, in terms of energy transition, pertaining to the sustainable development of a territory.

    Pareto improving social security reform when financial markets are incomplete!?

    This paper studies an overlapping generations model with stochastic production and incomplete markets to assess whether the introduction of an unfunded social security system leads to a Pareto improvement. When returns to capital and wages are imperfectly correlated, a system that endows retired households with claims to labor income enhances the sharing of aggregate risk between generations. Our quantitative analysis shows that, abstracting from the capital crowding-out effect, the introduction of social security represents a Pareto improving reform, even when the economy is dynamically efficient. However, the severity of the crowding-out effect in general equilibrium tends to overturn these gains. Classification: E62, H55, H31, D91, D58. April 2005