In order to protect the network and evaluate the network security risks automatically, a new multi-agents risk assessment model based on attack graph (MRAMBAG) is presented. First, a network risk assessment model with master-slave agents is established, especially the functional architecture of master-slave agents and the risk association relation analysis process are designed. Then, the attack...

To solve the uncertainty and complexity problems in hazardous chemical storage risk assessment, this paper constructs the evaluation index system and proposed the risk assessment model based on AHP-fuzzy comprehensive evaluation approach, which organically integrate the quantitative and the objectively of the analytic hierarchy process (AHP) and the inclusive advantage of fuzzy comprehensive ev...

Operation risk is the primary risk to rural power company, and it is also an important part of security risk management. The paper establishes a model to assessed risks of standard operation in rural power network, based on Job Risk Analysis (LEC). The example and application of the model in rural power network security risk management system shows that it can realize the real-time assessment o...

2 Introduction 2 1.1 Is the security of quantum encryption indeed robust? 3 1.2 The KLJN secure key exchange system 4 1.1.1 The idealized KLJN scheme and its security 4 1.1.2 The security of the KLJN scheme is based on the Second Law of Thermodynamics 6 1.1.3 On active (invasive) attacks and attacks utilizing non-idealities 8 1.1.4 Foundations of the information theoretic security in practical ...

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two eleme...

Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlierwork onRISA (RIsk assessment in S...

This paper presents the main results from a qualitative risk assessment of information security aspects for a new real-time disease surveillance approach in general, and for the Snow surveillance system in particular. All possible security threats and acceptable solutions, and the implications these solutions had to the design of the system, were discussed. Approximately 30 threats were identif...

Vulnerability risk assessment is a crucial process in security management, and the CVSS score is the standard-de-facto risk metric for software vulnerabilities. In this manuscript I show that current risk assessment methodologies do not fit real “in the wild” attack data. I also present my three-steps plan to identify an Internet-scale risk assessment methodology that accounts for attacker econ...

There has been virtually no previous study discussing how external pressures impel banks to stay compliant. These external pressures could be a compelling force driving banks to comply. Hinged on the Neo-Institutional Theory (NIT), this study examines how the external pressures, namely, regulative, normative, and cognitive expectations, drive banks to comply. The research findings reveal that i...

The successful application of the unified power flow controller (UPFC) provides a new control method for the secure and economic operation of power system. In order to make the full use of UPFC and improve the economic efficiency and static security of a power system, a preventive security-constrained power flow optimization method considering UPFC control modes is proposed in this paper. First...