A methodology for cost‐benefit analysis of information security technologies

Zeng, Wen

doi:10.1002/cpe.5004

Cited by 7 publications

(4 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These studies did not consider the threats and risks of the systems. In references 19,20, it was presented a methodology that uses Petri nets to examine the nonproductive time in the organizations by implementing information security technologies. However, the general risks and threats were not discussed in these papers.…”

Section: Related Workmentioning

confidence: 99%

Model‐based risk assessment evaluation

Germanos

Zeng

2022

Security and Privacy

Self Cite

View full text Add to dashboard Cite

Risk assessment (RA) belongs to the core parts of an organizational risk management process. The primary goals of a RA are the identification, estimation and prioritization of risk(s) to organizational operations. The existing quantitative analysis of RA is focusing on the risk factors, that is, threat or vulnerability. However, the quantitative metrics of the assessment have not been formally defined and modeled yet. Consequently, it is essential to define a formal model and relevant security metrics for RA within an organization. In this study, we will use a complete lattice to analyze risk factors. Moreover, a formal model will be defined to describe the RA process. The reachability of the model will be discussed.Quantitative metrics will be defined to provide insight on the risk estimation.The model can be expressed using colored Petri nets. This study can assist chief information security officers analyze security risks in their organizations and help them balance the security budget in their organizations.

show abstract

Section: Related Workmentioning

confidence: 99%

Model‐based risk assessment evaluation

Germanos

Zeng

2022

Security and Privacy

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are some existing work on role-based access control and attributed-based access control. [35,36] investigated that access control policies and technologies would affect the productivity of the organizations. [11] implemented location attribute into RBAC by assigning privileges to resources based on the attribute values of the resources, and roles to users based on user attributes.…”

Section: Access Control In Cloud Computingmentioning

confidence: 99%

How Location-Aware Access Control Affects User Privacy and Security in Cloud Computing Systems

Zeng¹,

Bashir²,

Wood³

et al. 2020

EAI Endorsed Transactions on Cloud Systems

Self Cite

View full text Add to dashboard Cite

The use of cloud computing (CC) is rapidly increasing due to the demand for internet services and communications. The large number of services and data stored in the cloud creates security risks due to the dynamic movement of data, connected devices and users between various cloud environments. In this study, we will develop an innovative prototype for location-aware access control and data privacy for CC systems. We will apply location-aware access control policies to role-based access control of Cloud Foundry, and then analyze the impact on user privacy after implementing these policies. This innovation can be used to address the security risks introduced by inter-cloud use and communication, and will have significant impact in making citizen's personal data more secure.

show abstract

“…Mitigating these risks is to reduce the impact of risks caused by undesirable things such as excess IT itself. This is reinforced by Zeng (2019), which underscores the importance of providing risk mitigation as a follow-up to IT implementation.…”

Section: Introductionmentioning

confidence: 99%

Implementation of risk management in library information system at Surabaya City Library

Santoso,

Mukhlis

2023

J. Kaji. Inf. Perpust.

View full text Add to dashboard Cite

Libraries may be at risk of data security issues. The threat of data loss or data damage is prone to occur in libraries. Information technology embedded in libraries has developed Artificial Intelligence (AI) for information retrieval systems. The application of information technology in the Surabaya City Library has potential risks to data security and force majeure aspects so that need a disaster mitigation plant. This study aimed to implement information system risk management at Surabaya City Libraries as a disaster mitigation plan. The research method was descriptive qualitative. Based on the risk analysis, the recommendations for applying risk to information technology Surabaya City Library were elimination and engineering. The manifestation of these two recommendations made the data access protocol use multiple authentications to avoid data theft attempts due to infiltration, hacking, and cracking. Study results recommended a protocol for each data access. The protocol would save every change, deletion, and system login in the log history. Implementing data authentication twice per login can avoid data theft caused by the intrusion. This activity log is used for activity tracking when the system is infiltrated. The limitation of this study lies in the scope of the research object, namely the library, which has limitations on the system or application used and does not impact the wider community. Conclusion of research, the library can implement risk management strategy with elimination and engineering models through recording system login activities, which mitigate the risk of data breaches originating from insiders.

show abstract

A methodology for cost‐benefit analysis of information security technologies

Cited by 7 publications

References 43 publications

Model‐based risk assessment evaluation

Model‐based risk assessment evaluation

How Location-Aware Access Control Affects User Privacy and Security in Cloud Computing Systems

Implementation of risk management in library information system at Surabaya City Library

Contact Info

Product

Resources

About