Risk assessment in fleet management system  using OCTAVE allegro

Alfarisi, Salman; Surantha, Nico

doi:10.11591/eei.v11i1.3241

Cited by 9 publications

(5 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Current security practices. As reported by the author [14] regarding digitalization and the new and major types of cyberattack in Peru's commercial sector, the current security practices are preventive measures against any type of cyberattacks and when this happens, the IT manager should be prepared to face them.…”

Section: Figure 2 Identify Business Knowledgementioning

confidence: 99%

Leveraging Security Modeling and Information Systems Audits to Mitigate Network Vulnerabilities

Arenas,

Yactayo-Arias,

Quispe

et al. 2023

IJSSE

View full text Add to dashboard Cite

Advancements in digital technologies have significantly enhanced the functional capabilities of consumers and businesses alike, yet have concurrently amplified the complexities associated with cybersecurity, including theft and cyber-attacks. Consequently, auditing of information systems has emerged as a crucial security apparatus for organizations aiming to safeguard their data assets, specifically with respect to customer information. This study aims to design an information systems security and audit model that emphasizes the fortification of an organization's crucial assets via IT infrastructure security and information security management systems, in alignment with ISO 27001 standards. The proposed model seeks to assure information confidentiality, integrity, availability, and compliance with legal mandates. The study adopted the OCTAVE v2.0 method, executed in three distinct phases. In the first phase, profiles of asset-based threats were constructed. The second phase involved the identification of infrastructure vulnerabilities, whereas the final phase focused on the development of a security strategy and plans. The implementation of the proposed model yielded a marked impact, with a positive shift from 46% to 94% following the establishment of IT infrastructure security policies. The study underscores the importance of conducting a comparative analysis prior to implementation and asserts that well-defined and identified security models and information systems auditing can effectively counteract potential data leaks and cyber-attacks such as malware, phishing, spam, and ransomware. The findings suggest that a meticulous and preemptive approach to auditing and security planning can significantly bolster the resilience of an organization's digital infrastructure.

show abstract

Section: Figure 2 Identify Business Knowledgementioning

confidence: 99%

Leveraging Security Modeling and Information Systems Audits to Mitigate Network Vulnerabilities

Arenas,

Yactayo-Arias,

Quispe

et al. 2023

IJSSE

View full text Add to dashboard Cite

show abstract

“…For both OCTAVE and OCTAVE-S, the following three stages need to be fulfilled: building asset-based threat profiles, identifying infrastructure vulnerabilities, and developing a security strategy and plans [42]. To identify existing threats, a threat profile is created for each critical asset in the organization using a threat-tree approach [42]. Figure 5 shows the tree structure of the OCTAVE methods, which is used for each asset currently in an organization.…”

Section: Octavementioning

confidence: 99%

“…Figure 5 shows the tree structure of the OCTAVE methods, which is used for each asset currently in an organization. The vulnerability, threat agent, attacker purpose, and effect of the attack on the asset are all identified using the tree structure [42]. The goal of the OA is the same as that of OCTAVE and OCTAVE-S, but it has the additional benefit of targeting the information assets [43].…”

Section: Octavementioning

confidence: 99%

When Security Risk Assessment Meets Advanced Metering Infrastructure: Identifying the Appropriate Method

et al. 2023

View full text Add to dashboard Cite

Leading risk assessment standards such as the NIST SP 800-39 and ISO 27005 state that information security risk assessment (ISRA) is one of the crucial stages in the risk-management process. It pinpoints current weaknesses and potential risks, the likelihood of their materializing, and their potential impact on the functionality of critical information systems such as advanced metering infrastructure (AMI). If the current security controls are insufficient, risk assessment helps with applying countermeasures and choosing risk-mitigation strategies to decrease the risk to a controllable level. Although studies have been conducted on risk assessment for AMI and smart grids, the scientific foundations for selecting and using an appropriate method are lacking, negatively impacting the credibility of the results. The main contribution of this work is identifying an appropriate ISRA method for AMI by aligning the risk assessment criteria for AMI systems with the ISRA methodologies’ characteristics. Consequently, this work makes three main contributions. First, it presents a comprehensive comparison of multiple ISRA methods, including OCTAVE Allegro (OA), CORAS, COBRA, and FAIR, based on a variety of input requirements, tool features, and the type of risk assessment method. Second, it explores the necessary conditions for carrying out a risk assessment for an AMI system. Third, these AMI risk assessment prerequisites are aligned with the capabilities of multiple ISRA approaches to identify the best ISRA method for AMI systems. The OA method is found to be the best-suited risk assessment method for AMI, and this outcome paves the way to standardizing this method for AMI risk assessment.

show abstract

“…OCTAVE Allegro [39,40] is a version of the OCTAVE approach, which is a comprehensive evaluation of an organization's operational risk environment that yields improved results without requiring extensive risk assessment experience. In [41], the authors utilized the OCTAVE allegro methodology to identify risks in the fleet management system (FMS), identified and ranked the risks to be mitigated, presented mitigation recommendations, and demonstrated the solution's effectiveness. In [42], the authors utilized the OCTAVE allegro approach to evaluate the information system risk at the ed-tech organization to determine the risk mitigation priorities.…”

Section: Related Workmentioning

confidence: 99%

A Study on Internet of Things Devices Vulnerabilities using Shodan

Rajasekar¹,

Rajkumar²

2023

IJC

View full text Add to dashboard Cite

IoT has attracted a diverse range of applications due to its adaptability, flexibility, and scalability. However, the most significant barriers to IoT adoption are security, privacy, interoperability, and a lack of standards. Due to the persistent online connectivity and lack of security measures, adversaries can quickly attack IoT systems for various adversarial operations, financial gain, and access to sensitive data. We conducted a massive vulnerability scan on IoT devices using Shodan, the IoT search engine. The discovered vulnerabilities are analyzed using the Octave Allegro risk assessment method to determine the risk level (Critical, High, Moderate, Low, None), and the results are classified based on the vulnerabilities. The research findings are intriguing, shocking, and alarming, revealing the bitter reality that IoT devices are rapidly increasing while simultaneously eroding users' privacy on a never-before-seen scale. Our search discovered 13,558 webcams with outdated components, 11,090 devices disclosing NAT-PMP information, and 16,356 connected devices responding to remote telnet access. Around 2,456 IoT devices were found with the Heartbleed vulnerability, 674 with the Ticketbleed vulnerability, and 9,241 with expired SSL certificates. Nearly 18,638 IoT consumer devices are configured with insecure default settings; 11,481 devices with default SNMP agent community names; 4,987 devices running on non-standard ports; and 4,425 Cisco devices are configured with generic or default passwords.

show abstract

Risk assessment in fleet management system using OCTAVE allegro

Cited by 9 publications

References 20 publications

Leveraging Security Modeling and Information Systems Audits to Mitigate Network Vulnerabilities

Leveraging Security Modeling and Information Systems Audits to Mitigate Network Vulnerabilities

When Security Risk Assessment Meets Advanced Metering Infrastructure: Identifying the Appropriate Method

A Study on Internet of Things Devices Vulnerabilities using Shodan

Contact Info

Product

Resources

About