Knowledge-based information security risk assessment method

Guan, Ji-zheng; Lei, Mingtao; Xiao-lu, Zhu

doi:10.1016/s1005-8885(13)60220-4

Cited by 5 publications

(3 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Shedden et al 26 utilized the structure of security risk for qualitative assessment of security risk of healthcare web application. Guan et al 27 proposed a fuzzy-based procedure for security risk evaluation and have used drawings for designing the security risk models.…”

Section: Related Workmentioning

confidence: 99%

<p>Security Risk Assessment of Healthcare Web Application Through Adaptive Neuro-Fuzzy Inference System: A Design Perspective</p>

Kaur¹,

Khan²,

Abushark³

et al. 2020

RMHP

View full text Add to dashboard Cite

Introduction:The imperative need for ensuring optimal security of healthcare web applications cannot be overstated. Security practitioners are consistently working at improvising on techniques to maximise security along with the longevity of healthcare web applications. In this league, it has been observed that assessment of security risks through soft computing techniques during the development of web application can enhance the security of healthcare web applications to a great extent. Methods: This study proposes the identification of security risks and their assessment during the development of the web application through adaptive neuro-fuzzy inference system (ANFIS). In this article, firstly, the security risk factors involved during healthcare web application development have been identified. Thereafter, these security risks have been evaluated by using the ANFIS technique. This research also proposes a fuzzy regression model. Results:The results have been compared with those of ANFIS, and the ANFIS model is found to be more acceptable for the estimation of security risks during the healthcare web application development. Conclusion:The proposed approach can be applied by the healthcare web application developers and experts to avoid the security risk factors during healthcare web application development for enhancing the healthcare data security.

show abstract

Section: Related Workmentioning

confidence: 99%

<p>Security Risk Assessment of Healthcare Web Application Through Adaptive Neuro-Fuzzy Inference System: A Design Perspective</p>

Kaur¹,

Khan²,

Abushark³

et al. 2020

RMHP

View full text Add to dashboard Cite

show abstract

“…Moreover, for the sake of the non-specialist users who have lack of knowledge of information security, Ya-chi Chu et al classify assets into five types: hardware, software, information, people and services and present very detailed content for each type [30]. In addition, knowledge-based methods [32] are also an effective means of risk identification. Finally, Padyab et al present a genre-based method for identifying risk named GBM-OA (Genre based method-OCTAVE Allegro) [33].…”

Section: Risk Identificationmentioning

confidence: 99%

A systematic review of information security risk assessment

Pan¹,

Tomlinson²

2016

Int. J. SAFE

View full text Add to dashboard Cite

Many standards exist to guide the process of risk assessment, particularly in the field of information security. This leads to many, subtly different, definitions of risk analysis, evaluation and assessment. Consequently, researchers often confuse these terms and disciplines, which leads to further confusion within the community. In this sense, it is important to come to a common understanding of the processes and terminology to clarify research in this area. A common approach to achieve this goal is to carry out a literature review. This paper takes a formal approach to the literature review based on the ideas of the Cochrane group. The result is a systematic review of risk assessment in the field of information security. We present a systematic review of over 80 research papers published between 2004 and 2014. The main contribution of our paper is to construct a classification of these published papers into seven types. This classification aims to help researchers obtain a clear and unbiased picture of the terminology, developments and trends of information security risk assessment in the academic sector. [6] present a conceptual framework of comparisons among well-documented ISRA guidelines including NIST 800-30, OCTAVE and ISRAM. Other authors are interested in the improvement of current risk analysis approaches by applying fuzzy theory [7,8] and AHP (Analytic Hierarchy Process) theory [9,10].However, to our knowledge, there has been no systematic overview of the ISRA research to analyse the emphasis of the work and the direction of future research. Consequently, this paper will apply the methodology of systematic review not only to summarize the related research papers, but also to present a classified framework of these papers. In order to not to confuse the phrases of risk analysis, risk assessment and risk evaluation, we will use their definitions from ISO 27005 in our systematic review. The aim of the classification framework is to help researchers obtain a clear picture about the research areas. According to this classification, researchers can find some study entry points in this sector. Researchers may also learn the advanced ISRA methods and find the connections between organizational level and academic level from this systematic review.

show abstract

“…Current risk evaluation methods can be divided into knowledge-based methods [1], probabilistic based methods [2], AHP methods [3,4], model-based methods [5,6], fuzzy logic-based methods [7], attack graphs based methods [8,9]. However, these methods are usually limited to the information security evaluation technology, which only evaluate the risk of system components, rarely based on business risk perspective.…”

Section: Introductionmentioning

confidence: 99%