Abstract:Remote health monitoring systems are used to audit implantable medical devices or patients’ health in a non-clinical setting. These systems are prone to cyberattacks exploiting their critical vulnerabilities. Thus, threatening patients’ health and confidentiality. In this paper, a pacemaker automatic remote monitoring system (PARMS) is modeled using architecture analysis and design language (AADL), formally characterized, and checked using the JKind model checker tool. The generated attack graph is visualized … Show more
“…Shen et al (2020) designed remote monitoring and auditing cloud platform. Ibrahim et al (2020) provided IoT devices security control methods for remote health monitoring and auditing. Also, Aydarov et al (2019) presented the results of the development and implementation of the remote monitoring system for audit and quality assessment of car‐service industry.…”
Business process modeling and implementation has taken researchers' attention for almost 30 years, since Hammer and Champy published in 1992 their book on business process reengineering. Process management proponents mostly focused on the system approach and workflow modeling. In this paper, we would like to emphasize the issues of business process paradigm development. This paper's aim is to confront workflow modeling with case management. These two approaches have different purposes, although, through their application, the process paradigm change is presented. This study methodology covers the literature survey (LS) and case study. The LS on the application of Case Management Model Notation (CMMN) is included to answer the question for what purposes CMMN is applied. The empirical part covers a case study on remote audit (e-audit) process modeling. Further, a discussion on the strengths and weaknesses of e-audit process is included. Final conclusions concern the transformability of process modeling methodologies. This paper contributes to process management theory with explanations of how and why specific e-audit processes are developed and how they expand process managers' practices. The e-audit activities are included in step-by-step processes as well as in the case management model to improve knowledge sharing and practice improvement.
| INTRODUCTIONBusiness processes are considered as core assets of many social entities, which focus on process identification, management, controlling, and governance. The processes should respond to the market demand and change according to the requirements of their various actors and to build and maintain the business competitive advantage. Kahloun and Ayachi-Ghannouchi (2020) argue that business process modeling is to support communication among business stakeholders. Modeling the processes for management means establishing their regulatory power and their value for the business. Business process management (BPM) consists of several phases, such as process conceptualization, design, implementation, application, evaluation, and referencing (Reif et al., 2019). By modeling a cyclical sequence of business processes, analysts integrate functionalist and social perspectives on BPM. This paper is organized as follows. Section 1 covers the introduction to process paradigm discussion and an analysis of ISO standards on process modeling. This section also includes the presentation of process modeling concepts and notations. In Section 2, the Literature Survey (LS) on Case Management Model and Notation (CMMN) is located.Section 2 includes also a LS on remote audits and presentation of remote audit case study. The e-audit guidelines are discussed, and its activities are modeled in CMMN and in Business Process Model and Notation (BPMN) in Section 3. This section evaluates the feasibility and potential gain of this approach by discussing how this approach and Camunda tool can be applied to model the internal audit processes realized in a virtual environment. In Section 4, there are resu...
“…Shen et al (2020) designed remote monitoring and auditing cloud platform. Ibrahim et al (2020) provided IoT devices security control methods for remote health monitoring and auditing. Also, Aydarov et al (2019) presented the results of the development and implementation of the remote monitoring system for audit and quality assessment of car‐service industry.…”
Business process modeling and implementation has taken researchers' attention for almost 30 years, since Hammer and Champy published in 1992 their book on business process reengineering. Process management proponents mostly focused on the system approach and workflow modeling. In this paper, we would like to emphasize the issues of business process paradigm development. This paper's aim is to confront workflow modeling with case management. These two approaches have different purposes, although, through their application, the process paradigm change is presented. This study methodology covers the literature survey (LS) and case study. The LS on the application of Case Management Model Notation (CMMN) is included to answer the question for what purposes CMMN is applied. The empirical part covers a case study on remote audit (e-audit) process modeling. Further, a discussion on the strengths and weaknesses of e-audit process is included. Final conclusions concern the transformability of process modeling methodologies. This paper contributes to process management theory with explanations of how and why specific e-audit processes are developed and how they expand process managers' practices. The e-audit activities are included in step-by-step processes as well as in the case management model to improve knowledge sharing and practice improvement.
| INTRODUCTIONBusiness processes are considered as core assets of many social entities, which focus on process identification, management, controlling, and governance. The processes should respond to the market demand and change according to the requirements of their various actors and to build and maintain the business competitive advantage. Kahloun and Ayachi-Ghannouchi (2020) argue that business process modeling is to support communication among business stakeholders. Modeling the processes for management means establishing their regulatory power and their value for the business. Business process management (BPM) consists of several phases, such as process conceptualization, design, implementation, application, evaluation, and referencing (Reif et al., 2019). By modeling a cyclical sequence of business processes, analysts integrate functionalist and social perspectives on BPM. This paper is organized as follows. Section 1 covers the introduction to process paradigm discussion and an analysis of ISO standards on process modeling. This section also includes the presentation of process modeling concepts and notations. In Section 2, the Literature Survey (LS) on Case Management Model and Notation (CMMN) is located.Section 2 includes also a LS on remote audits and presentation of remote audit case study. The e-audit guidelines are discussed, and its activities are modeled in CMMN and in Business Process Model and Notation (BPMN) in Section 3. This section evaluates the feasibility and potential gain of this approach by discussing how this approach and Camunda tool can be applied to model the internal audit processes realized in a virtual environment. In Section 4, there are resu...
“…Approaches based on graphs represent a common solution in security assessment research (see, e.g., [6], [12], [23]- [40]). Many papers customize these approaches to the specific technologies, such as smart grids [6], medical devices [29], smart infrastructures [30], web technologies [31], cloud environments [40].…”
The pervasiveness of complex technological infrastructures and services coupled with the continuously evolving threat landscape poses new sophisticated security risks. These risks are mostly associated with many diverse vulnerabilities related to software or hardware security flaws, misconfigurations and operational weaknesses. In this scenario, a timely assessment and mitigation of the security risks affecting technological environments are of paramount importance. To cope with these compelling issues, we propose an AI-assisted methodological framework aimed at evaluating whether the target environment is vulnerable or safe. The framework is based on the combined application of graph-based and machine learning techniques. More precisely, the components of the target together with their vulnerabilities are represented by graphs whose analysis identifies the attack paths associated with potential security threats. Machine learning techniques classify these paths and provide the security assessment of the target. The experimental evaluation of the proposed framework was performed on 220 artificially generated Active Directory environments, half of which injected with vulnerabilities. The results of the classification process were generally good. For example, the F1-score obtained by the Random Forest classifier for the assessment of vulnerable networks was equal to 0.91. These results suggest that our approach could be applied for automating the security assessment procedures of complex networked environments.
“…However, no thorough study has addressed IoT vulnerabilities and their evaluation using attack graphs. Although some papers capture both attack graphs and IoT [3], [34], they either do not cover certain topics, such as the parameters of the IoT network used to develop the attack graph [8], [17], [35], [48], [52], [54], [57], [68], [69] and the methods and tools used for visualizing the model, framework, or application [6], [16], [27], [30], [37], [39], [40], [62], or are no longer fully relevant due to the rapidly evolving domain. This survey paper is needed because IoT systems are becoming increasingly complex and pervasive in our daily lives, making it crucial to ensure their security.…”
Vulnerability assessment in industrial IoT networks is critical due to the evolving nature of the domain and the increasing complexity of security threats. This study aims to address the existing gaps in the literature by conducting a comprehensive survey on the use of attack graphs for vulnerability assessment in IoT networks. Attack graphs serve as a valuable cybersecurity tool for modeling and analyzing potential attack scenarios on systems, networks, or applications. The survey covers the research conducted between 2016 and 2021(34 peer-reviewed journal articles and 28 conference papers), identifying and categorizing the main methodologies and technologies employed in generating and analyzing attack graphs. In this review, core modeling techniques for IoT vulnerability assessment are highlighted, such as Markov Decision Processes (MDP), Feature Pyramid Networks (FPN), K-means clustering, and logistic regression models, along with other techniques involving genetic algorithms like fast-forward (FF), contingent fast-forwards (CFF), advanced reinforcement-learning algorithms, and HARMs models. The evaluation of the performance of these attack graph models using IoT networks or devices as case studies is also emphasized. This survey provides valuable insights into the state-of-the-art attack graph techniques for IoT network vulnerability assessment, identifying various applications, performances, research opportunities, and challenges. As a reference source, it serves to inform academicians and practitioners interested in leveraging attack graphs for IoT network vulnerability assessment and guides future research directions in this area.INDEX TERMS Attack graph, the Internet of Things, network vulnerabilities, vulnerability assessment.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.