516,788 research outputs found

    Risk based multi-objective security control and congestion management

    Deterministic security criterion has served power system operation, congestion management quite well in last decades. It is simple to be implemented in a security control model, for example, security constrained optimal power flow (SCOPF). However, since event likelihood and violation information are not addressed, it does not provide quantitative security understanding, and so results in system inadequate awareness. Therefore, even if computation capability and information techniques have been greatly improved and widely applied in the operation support tool, operators are still not able to get rid of the security threat, especially in the market competitive environment. Probability approach has shown its strong ability for planning purpose, and recently gets attention in operation area. Since power system security assessment needs to analyze consequence of all credible events, risk defined as multiplication of event probability and severity is well suited to give an indication to quantify the system security level, and congestion level as well. Since risk addresses extra information, its application for making BETTER online operation decision becomes an attractive research topic. This dissertation focuses on system online risk calculation, risk based multi-objective optimization model development, risk based security control design, and risk based congestion management. A regression model is proposed to predict contingency probability using weather and geography information for online risk calculation. Risk based multi-objective optimization (RBMO) model is presented, considering conflict objectives: risks and cost. Two types of method, classical methods and evolutionary algorithms, are implemented to solve RBMO problem, respectively. A risk based decision making architecture for security control is designed based on the Pareto-optimal solution understanding, visualization tool and high level information analysis.
Risk based congestion management provides a market lever to uniformly expand a security VOLUME, where greater volume means more risk. Meanwhile, risk based LMP signal contracts ALL dimensions of this VOLUME in proper weights (state probabilities) at a time. Two test systems, 6-bus and IEEE RTS 96, are used to test developed algorithms. The simulation results show that incorporating risk into security control and congestion management will evolve our understanding of security level, improve control and market efficiency, and support operator to maneuver system in an effective fashion.

    Information Security Analysis of Online Education Management System using Information Technology Infrastructure Library Version 3

    The rapid development of information affects many aspects of human life. So that the field of information security becomes one aspect that must be considered. This study aims to measure the information security awareness and to improve daily operational activities of managing IT services effectively and efficiently. Salemba Adventist Academy has used the Wium Online Education Management System (WIOEM) online system, but in its implementation the security aspects of the system are not yet known. The Information Technology Infrastructure Library (ITIL) v3 framework which is globally recognized for managing information technology is broken down into five parts: Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement. This study focuses on Service Operations with 4 attributes, namely: Security, Privacy, Risk, and Trust. The data collection method used by the researcher was through observation in the form of a questionnaire in taking the number of samples to several students by taking population samples using the Lemeshow method. After the data were collected, the results of the ITIL indicator questionnaire are calculated based on the data security level. The results show that the Security indicator is Level 1, the Privacy indicator is level 3, the Risk indicator is level 3, and the Trust indicator is level 4 on the Data Security Level scale. This shows that the WIOEM system can be used properly according to user expectations and meets several levels of data security according to ITIL v3 framework.

    Implementation of ISO Frameworks to Risk Management in IPv6 Security

    The Internet of Things is a technology wave sweeping across various industries and sectors. It promises to improve productivity and efficiency by providing new services and data to users. However, the full potential of this technology is still not realized due to the transition to IPv6 as a backbone. Despite the security assurances that IPv6 provides, privacy and concerns about the Internet of Things remain. This is why it is important that organizations thoroughly understand the protocol and its migration to ensure that they are equipped to take advantage of its many benefits. Due to the lack of available IPv4 addresses, organizations are in an uncertain situation when it comes to implementing IoT technologies. The other aim is to fill in the gaps left by the ISO to identify and classify the risks that are not yet apparent. The thesis seeks to establish and implement the use of ISO to manage risks. It will also help to align security efforts with organizational goals. The proposed solution is evaluated through a survey that is designed to gather feedback from various levels of security and risk management professionals. The suggested modifications are also included in the study. A survey on the implementation of ISO frameworks to risk management in IPv6 was conducted and with results as shown in the random sampling technique that was used for conducting the research a total of 75 questionnaires were shared online, 50 respondents returned responses online through emails and social media platforms. The result of the analysis shows that system admin has the highest pooling 26% of all the overall participants, followed by network admin with 20%, then cybersecurity specialists with 16%. 14% of the respondents were network architects while senior management and risk management professionals were 4% and 2% respectively. 
The majority of the respondents agreed that risk treatment enhances the risk management performance of the IPv6 network resulting from the proper selection and implementation of correct risk prevention strategies

    Enhancing Security of Android Phones

    Use of mobile commerce for conducting commercial transactions online is increasing rapidly. A wide range of wireless devices, which includes mobile phones and tablets, provides an easier way for mobile payments and M-commerce. Risk associated with such devices, such as loss of private information, is also increasing. The basic requirement for using a secure M-Commerce application is a secure mobile operating system. Without a security feature or secure application on the device, it is not possible to have a secure mobile transaction. Among the many operating systems used for mobile devices, Android operating systems are widely used. Though Android systems are good in memory management, they are also vulnerable to security attacks. Such security attacks make the phone unusable, cause unwanted SMS/MMS (short message service/multimedia messaging service) billing, or expose private information. There are two doors for an attacker to attack a smartphone. The first is to get users to download, install, and run software that contains unethical code such as viruses, worms etc., and the other is to attack the device directly by using software vulnerabilities. This paper presents a security assessment for Android with an overview of the security architecture for Android. The paper also lists various threats to Android devices and their countermeasures.

    The design and evaluation of a user-centric information security risk assessment and response framework

    Abstract: The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioral-related factors resulting in an individualized granular risk score/level. This granular risk assessment, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks

    ANALYSIS OF BANK PERFORMANCE WITH INFORMATION TECHNOLOGY PERSPECTIVE

    XYZ Bank provides several digital banking services for various segments, including the D-Bank mobile banking application, XYZ Online Banking, D-Card Mobile for credit card management, D-Financial for SMEs, D-BisMart for the supply chain, as well as XYZ Trade Connect and Cash Connect for various customer businesses. It is known that 1) IT risk on the D-Bank application is still high. This can be seen from the number of risk events for IT system failure in its application. 2) The handling of IT problems is still not optimal; this can be seen from customer complaints that often reappear in the D-Bank application, such as failed logins, failed transactions and slow performance. 3) Lack of handling of IT Security services. This can be seen from the number of cyber-attacks that have successfully entered the D-Bank application. The final result shows that there are several domains and principles that need to be considered by management in order to improve the performance of information technolog

    ANALYSIS OF UNIVERSITY HELPDESK INFORMATION TECHNOLOGY GOVERNANCE USING COBIT 2019 AND FUZZY AHP

    University Helpdesk as an information system service provider provided by PTIPD University assists students, staff, and lecturers in solving problems using information systems and networks, as well as updating information online and offline. Based on the Regulation Minister of Religion of the Republic of Indonesia Number 17 of 2013 to improve the quality of university delivery and services, and GUG (Good University Governance) implementation, governance framework is needed to align the vision, mission, and objectives. IT governance framework covering management, operational, maintenance, monitoring, and evaluation processes. The analysis of IT governance with COBIT 2019 resulted in the preparation of recommendations based on the mapping of the domain (area) of the 2019 COBIT design factors. These recommendations are needed for an analysis of the maturity level of PTIPD university helpdesk information technology governance. The research data were taken from annual reports and Key Performance Indicators, observations, and interviews. Based on Design Factors 1-11 to determine domain area, the result is needing improved governance perspective APO12-Managed Risk and DSS05-Managed Security Services. The focus area is risk management and service security management in terms of data and information. The expected ability level is at level 4, while the current ability level analysis is at level 2, the gap level analysis is 2 levels different. The result is to get 12 recommendations and 2 main recommendations using the Fuzzy-AHP method based on the weighting of the criteria of Regulation number 12 of 2012 the management of information technology in university

    Information System Policy of Web-based Patient Safety Incident Reporting Information System at RSJ Prof Dr. Soerojo Magelang

    Abstract. To provide security to their patients, healthcare providers use a system for patient safety which includes risk reporting and analysis of incidents, identification and management of risks, and the ability to learn about events that have occurred. According to the 2017 patient safety data at Prof. Dr. Soerojo Psychiatric Hospital, 7% of patient safety incidents at the hospital required a Root Cause Analysis. To aid the process, an online information system is necessary. This research was qualitative research that used the waterfall method for the information syntax. This involved planning, analysis, design, implementation, and system. From there, the data was then evaluated based on its accessibility, completeness, accuracy, and speed. The qualitative data was gathered through questionnaires, in-depth interviews, and unstructured interviews with selected informants. 26 informants were involved in this research, this included the reporters, the Patient Safety (KPRS) Team, and the hospital management board. Results of the would then produce recommendations on how to handle the problems found. Based on the data gathered, we discovered that after the application of the information system, the hospital experienced a 53.8% increase in patient safety

    Extensible Performance-Aware Runtime Integrity Measurement

    Today's interconnected world consists of a broad set of online activities including banking, shopping, managing health records, and social media while relying heavily on servers to manage extensive sets of data. However, stealthy rootkit attacks on this infrastructure have placed these servers at risk. Security researchers have proposed using an existing x86 CPU mode called System Management Mode (SMM) to search for rootkits from a hardware-protected, isolated, and privileged location. SMM has broad visibility into operating system resources including memory regions and CPU registers. However, the use of SMM for runtime integrity measurement mechanisms (SMM-RIMMs) would significantly expand the amount of CPU time spent away from operating system and hypervisor (host software) control, resulting in potentially serious system impacts. To be a candidate for production use, SMM RIMMs would need to be resilient, performant and extensible. We developed the EPA-RIMM architecture guided by the principles of extensibility, performance awareness, and effectiveness. EPA-RIMM incorporates a security check description mechanism that allows dynamic changes to the set of resources to be monitored. It minimizes system performance impacts by decomposing security checks into shorter tasks that can be independently scheduled over time. We present a performance methodology for SMM to quantify system impacts, as well as a simulator that allows for the evaluation of different methods of scheduling security inspections. Our SMM-based EPA-RIMM prototype leverages insights from the performance methodology to detect host software rootkits at reduced system impacts. EPA-RIMM demonstrates that SMM-based rootkit detection can be made performance-efficient and effective, providing a new tool for defense

    Design and Development of a Web-Based Food Price Data Management Application at the Food Security Service of Central Kalimantan Province

    Technological developments greatly affect all aspects of human life, one of which is in the field of government. Currently, the food distribution sector in the food price division at the Central Kalimantan Province Food Security Service still uses excel as a medium for managing price data for reporting. This causes several problems, namely the processed data has not been integrated so that it takes time to process the price data recapitulation at the Service, slows down the performance of employees in making reports, and the risk of losing data is quite large. To overcome this problem, an application was made that can help employees/agencies to manage integrated food price data, search and make reports online through the website. The purpose of this research is to design and build a web-based food price data management application at the Food Security Service of Central Kalimantan Province. The system development method used in this research is the waterfall model, with the stages of Requirements Analysis and Definition, System and Software Design, Implementations and Unit Testing, Integration and System Testing, and Operation and Maintenance. Modeling systems and databases using Data Flow Diagrams and Entity Relationship Diagrams. This application consists of 2 (two) users, namely the provincial admin and the district admin. This application helps employees/agencies to manage food price data, search and report generation more easily and accurately