Security risk mitigation for information systems

Information Security Risk Assessment, Aggregation, and Mitigation

As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that i...

Software Safety and Security Risk Mitigation in Cyber-physical Systems

A collusion mitigation scheme for reputation systems

Reputation management systems are in wide-spread use to regulate collaborations in cooperative systems. Collusion is one of the most destructive malicious behaviors in which colluders seek to affect a reputation management system in an unfair manner. Many reputation systems are vulnerable to collusion, and some model-specific mitigation methods are proposed to combat collusion. Detection of col...

Identifying Information Security Risk Components in Military Hospitals in Iran

Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...

Security Requirements Driven Risk Assessment for Critical Infrastructure Information Systems

Major information processing and associated value-added services provided by information systems in critical infrastructures are being increasingly used for various purposes irrespective of their security posture. Although several infrastructure-wide standard security Certification and Accreditation (C&A) processes exist, their effectiveness in the real world is challenged by the complexity of ...