A process-based dependency risk analysis methodology for critical infrastructures

Stergiopoulos, George; Kouktzoglou, Vasilis; Theocharidou, Marianthi; Gritzalis, Dimitris

doi:10.1504/ijcis.2017.10009258

Cited by 3 publications

(1 citation statement)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The continued growth of reports on information security crimes demonstrates this need for further research [7], [8]. ISRA should consider asset dependencies [9], [10]. Asset dependency is the failure of information assets in an organization that can affect other assets that depend on that asset and causes a greater system failure.…”

Section: Introductionmentioning

confidence: 99%

Asset Identification in Information Security Risk Assessment Using Process Mining

Yunizal¹,

Santoso²,

Surendro³

2022

International Journal on Advanced Science, Engineering and Information Technology

View full text Add to dashboard Cite

Information security risk assessment (ISRA) currently has gaps in inadequate asset identification. This activity is still manual, depending on the approach adopted and used, thus leading to subjectivity and inaccuracies. Whereas incorrect identification will lead to inaccurate results. The need to consider the dependency of assets within ISRA, which is still not resolved by ISRA, complicates this. A process perspective that can view assets based on their role in organizational processes rather than physical connections should be able to bridge this gap. Unfortunately, Small and Medium Enterprises (SME) find it difficult to take advantage of this opportunity due to time and cost constraints. This research bridges this gap by providing a process-oriented perspective that uses process mining. It automates asset identification based on historically derived organizational workflows using Legacy Information Systems (LIS) triggers. For rigor and relevance, this research uses a series of design research evaluation stages: problem, design, construct, and usage. Problem evaluation is through the study of related literature. For design evaluation, it made comparisons with asset and process-oriented ISRA and preprocessing of process mining. The construct evaluation by testing the system before and after method implementation. It also considers the method's maximum capability. Meanwhile, usage evaluation through a case study on an inventory system. The contribution offered: (1) integrating process mining with ISRA, (2) making the process-aware LIS without disturbing the running process, (3) preparing an artifact to generate an event log using database trigger, and (4) automating ISRA's asset identification which also considers asset dependency.

show abstract

Section: Introductionmentioning

confidence: 99%

Asset Identification in Information Security Risk Assessment Using Process Mining

Yunizal¹,

Santoso²,

Surendro³

2022

International Journal on Advanced Science, Engineering and Information Technology

View full text Add to dashboard Cite

show abstract

A Security-Aware Framework for Designing Industrial Engineering Processes

et al. 2021

View full text Add to dashboard Cite

Risk Evaluation Using Nominal Group Technique for Cloud Computing Risk Assessment in Healthcare

Zainuddin¹,

Yusuff²,

Samy³

2020

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

Emerging of cloud computing with flexibility, improve accessing data, and cost-saving makes this technology accessible and growing fast. As a result of the emergence of cloud computing bring interest to industries to used cloud computing. Although cloud computing brings so many benefits to customers, the previous study reveals that cloud computing penetration in the Healthcare area is still low. With effective cloud risk assessment methodology will gain the confidence to cloud users in this technology. Study in cloud risk assessment methodology still infant and the complexity in identifying security risk still debating. This paper explores the risk assessment process by highlighting the method in the risk evaluation process. Risk evaluation is an essential phase in the risk assessment process. It compares the result from the risk analysis process and determines whether to accept or tolerate the risk criteria to decide on the risk analysis. In this study, the Nominal Group Technique (NGT) is introduced to compare risk analysis results in the earlier phase. Since risk evaluation based on organizational objectives, external and internal context and stakeholders' views, NGT is promising for effective results. This study not only contributing to the prioritizing list of risks and threats in a systematical manner but indirectly NGT process makes stakeholders aware of the current cloud security risk situation in the organization. Equal opportunity expressing views in this focus group discussion is hope can generate a brilliant solution in risk assessment results.

show abstract

A process-based dependency risk analysis methodology for critical infrastructures

Cited by 3 publications

References 26 publications

Asset Identification in Information Security Risk Assessment Using Process Mining

Asset Identification in Information Security Risk Assessment Using Process Mining

A Security-Aware Framework for Designing Industrial Engineering Processes

Risk Evaluation Using Nominal Group Technique for Cloud Computing Risk Assessment in Healthcare

Contact Info

Product

Resources

About