A framework for risk assessment based on analysis of historical information of workflow execution in IT systems

2011, Vol 55 (13), pp. 2954-2975
Author(s): Juliano Araujo Wickboldt, Luís Armando Bianchin, Roben Castagna Lunardi, Lisandro Zambenedetti Granville, Luciano Paschoal Gaspary, ...
Author(s): Gill Mallalieu, Steve Clarke

The idea of the ‘wicked problem’ (Churchman, 1967), which advocates a pragmatic oscillation between problem and solution, rather than an attempt to reduce the problem to a series of steps to be followed sequentially, has been particularly helpful to us in conceptualising the relationships between people, organisations and information technology (IT). This conceptualisation was tested in the RAMESES project (Risk Assessment Model: Evaluation Strategy for Existing Systems), using grounded theory (Strauss and Corbin, 1997) as the basis for the methodology. The overall objective of RAMESES is ‘to provide a strategic model for the risk assessment of legacy software systems within SMEs (small-to-medium enterprises) considering business process change.’ Thus the relationship between the organisation, the way its staff carried out its processes, and their legacy IT systems was at the centre of our concerns. This chapter describes how the broad conceptualisation of the problem led to a detailed method to address it and the results available to date.


Author(s): Yuyu Chou, Jan Oetting

The use of Cloud Computing services is an attractive option to improve IT systems to achieve rapidly and elastically provisioned capability, and also to offer economic benefits. However, companies see security as a major concern in migrating to the Cloud. To bring clarity in Cloud security, this paper presents a systematic approach to manage the risks and analyzes the full range of risk in Cloud Computing solutions. Furthermore, as a study case, Google App Engine Platform is assessed based on ISO/IEC 27002 and OWASP Top 10 Risk List in this paper. Knowing the risks of Cloud solutions, companies can execute well-informed decisions on going into the Cloud and build their Cloud solutions in a secure way, relying on a robust e-trust relationship.


2016, Vol 0 (0), pp. 33-38
Author(s): Rafał Kasprzyk, Artur Stachurski

The paper focuses on the attempt to show a way of automating IT vulnerability management across enterprise systems with the use of the Security Content Automation Protocol. SCAP offers a set of components which provide, among others, adjustable security checklists, standardised dictionaries of security vulnerabilities and vulnerability scoring methods that may prove valuable for organisations in terms of security analysis activities and quantitative risk assessment.


2020, Vol 3 (1)
Author(s): Dejan Škanata

Cyber security is commonly defined as the practice of protecting computers, networks, programs and data from unauthorized access or malicious attacks that are aimed at exploitation. Hence, cyber security is focused primarily on the prevention of, and protection from, malicious activities. Prevention and protection objectives have usually been achieved by applying traditional risk assessment and management procedures. Despite these efforts, it has been shown that complete security of IT systems and data is almost impossible to achieve. Namely, with the increasing number and types of cyber threats, cyber incidents are becoming inevitable. Thus, even strong cyber security is no longer enough. Because of that, organizations need to build cyber resilience, which mainly deals with system response and recovery after a disruptive event occurs. Cyber security combined with cyber resilience opens a new perspective towards better overall security of IT systems.


2012, pp. 272-285
Author(s): Yuyu Chou, Jan Oetting

The use of Cloud Computing services is an attractive option to improve IT systems to achieve rapidly and elastically provisioned capability, and also to offer economic benefits. However, companies see security as a major concern in migrating to the Cloud. To bring clarity in Cloud security, this paper presents a systematic approach to manage the risks and analyzes the full range of risk in Cloud Computing solutions. Furthermore, as a study case, Google App Engine Platform is assessed based on ISO/IEC 27002 and OWASP Top 10 Risk List in this paper. Knowing the risks of Cloud solutions, companies can execute well-informed decisions on going into the Cloud and build their Cloud solutions in a secure way, relying on a robust e-trust relationship.


1998, Vol 62 (10), pp. 756-761
Author(s): CW Douglass