5 research outputs found

    Risk management for port management information systems

    Port Management Information Systems (Port MIS) are systems that support port managers in the facilitation of port activities. However, little is known about the system and the risk that it presents. Much information is exposed, and security needs to be strengthened. Port MIS helps managers to make decisions relating to the activities that enable effective management and leadership of the port. Inadequate and poor risk management would lead to loss of business and potential loss of human life. This research study focused on the subsystems that make up Port MIS. There is limited research on port management, and more specifically the risks involved in such national assets. The study explored the purpose of such systems and how they contribute to the whole system. The findings and recommendations would benefit port managers both nationally and internationally as globalisation becomes the basis of world trade and economies.

    Risk Forecast Using Hidden Markov Models

    Today's fast-moving technologies create innovative ideas, products, and services, but they also bring with them new security risks. The gap between new technologies and the security needed to keep them from opening up new risks in information systems (ISs) can be difficult to close completely. Changes in ISs are inevitable because computing environments, intentionally or unintentionally, are always changing. These changes bring with them vulnerabilities on new or existing ISs, which cause security states to move between mitigated, vulnerable, and compromised states. In previous work, we introduced the near real-time risk assessment using hidden Markov models (HMMs). This paper applies that theory to a prototype MatLab™ environment.

    System Health Monitoring Using a Novel Method: Security Unified Process


    System health monitoring using a novel method : security unified process

    Iterative and incremental mechanisms are not usually considered in existing approaches for information security management systems (ISMS). In this paper, we propose SUP (security unified process) as a unified process to implement a successful and high-quality ISMS. A disciplined approach can be provided by SUP to assign tasks and responsibilities within an organization. The SUP architecture comprises static and dynamic dimensions; the static dimension, or disciplines, includes business modeling, assets, security policy, implementation, configuration and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in an organization. Since the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization.

    A Novel Approach to Determining Real-Time Risk Probabilities in Critical Infrastructure Industrial Control Systems

    Critical Infrastructure Industrial Control Systems are substantially different from their more common and ubiquitous information technology system counterparts. Industrial control systems, such as distributed control systems and supervisory control and data acquisition systems that are used for controlling the power grid, were not originally designed with security in mind. Geographically dispersed distribution, an unfortunate reliance on legacy systems and stringent availability requirements raise significant cybersecurity concerns regarding electric reliability while constricting the feasibility of many security controls. Recent North American Electric Reliability Corporation Critical Infrastructure Protection standards heavily emphasize cybersecurity concerns and specifically require entities to categorize and identify their Bulk Electric System cyber systems and to have periodic vulnerability assessments performed on those systems. These concerns have produced an increase in the need for more cybersecurity research specific to Critical Infrastructure Industrial Control Systems. Industry stakeholders have embraced the development of a large-scale test environment through the Department of Energy’s National Supervisory Control and Data Acquisition Test-bed program; however, few individuals have access to this program. This research developed a physical industrial control system test-bed on a smaller scale that provided an environment for modeling a simulated critical infrastructure sector performing a set of automated processes for the purpose of exploring solutions and studying concepts related to compromising control systems by way of process-tampering through code exploitation, as well as the ability to passively and subsequently identify any risks resulting from such an event.
    Relative to the specific step being performed within a production cycle, at a moment in time when sensory data samples were captured and analyzed, it was possible to determine the probability of a real-time risk to a mock Critical Infrastructure Industrial Control System by comparing the sample values to those derived from a previously established baseline. This research achieved such a goal by implementing a passive, spatial and task-based segregated sensor network, running in parallel to the active control system process for monitoring and detecting risk, and effectively identified a real-time risk probability within a Critical Infrastructure Industrial Control System Test-bed. The practicality of this research ranges from determining on-demand real-time risk probabilities during an automated process, to employing baseline monitoring techniques for discovering systems, or components thereof, exploited along the supply chain.