Real-time hierarchical predictive risk assessment at the national level: Mutually agreed predicted service disruption profiles

• Autorzy: Malinowski Krzysztof , Karbowski Andrzej

Identyfikatory

DOI

10.34768/amcs-2020-0044

• Języki publikacji: EN

Abstrakty

EN

We present a real-time hierarchical approach to an on-line risk assessment at the national level taking into account both local risk analyses performed by key service operators and relevant interdependencies between those services. For this purpose we define mutually agreed predicted service disruption profiles and then propose a coordination mechanism to align those profiles. A simple, four-entity example is provided to illustrate the coordination.

Słowa kluczowe

EN

risk assessment; cyber security; hierarchical approach; service disruption profile; coordination mechanism

PL

szacowanie ryzyka; bezpieczeństwo cyfrowe; podejście hierarchiczne

• Wydawca: Oficyna Wydawnicza Uniwersytetu Zielonogórskiego
• Czasopismo: International Journal of Applied Mathematics and Computer Science
• Rocznik: 2020
• Tom: Vol. 30, no. 3
• Strony: 597--609
• Opis fizyczny: Bibliogr. 26 poz., rys.

Twórcy

autor

Malinowski Krzysztof

• Centre for Research and Technology Transfer, Research and Academic Computer Network—State Research Institute (NASK PIB), ul. Kolska 12, 01-045 Warsaw, Poland

autor

Karbowski Andrzej

• Centre for Research and Technology Transfer, Research and Academic Computer Network—State Research Institute (NASK PIB), ul. Kolska 12, 01-045 Warsaw, Poland; Institute of Control and Computation Engineering, Warsaw University of Technology, ul. Nowowiejska 15/19, 00-665 Warsaw, Poland

Bibliografia

• [1] Bertsekas, D. and Tsitsiklis, J. (1989). Parallel and Distributed Computation: Numerical Methods, Prentice Hall, Englewood Cliffs, NJ.
• [2] EU (2016). Directive (EU) 2016/1148 of the European Parliament and of the Council of the European Union of 6 July 2016 concerning measures for a high common level of security of network and information systems across the union, Official Journal of the European Union 59: L194/1–L194/30.
• [3] ENISA (2013). National-level risk assessments an analysis report—Executive summary, Technical report, European Union Agency for Network and Information Security, Heraklion.
• [4] Findeisen, W., Bailey, F.N., Brdyś, M., Malinowski, K., Tatjewski, P. and Woźniak, A. (1980). Control and Coordination in Hierarchical Systems, Wiley, Chichester.
• [5] Frommer, A. (1991). Generalized nonlinear diagonal dominance and applications to asynchronous iterative methods, Journal of Computational and Applied Mathematics 38(1): 105–124.
• [6] Haimes, Y. (2016). Risk Modeling, Assessment, and Management (4th Edition), Wiley, Hoboken, NJ.
• [7] Haimes, Y., Santos, J., Crowther, K., Henry, M., Lian, C. and Yan, Z. (2007). Risk analysis in interdependent infrastructure, in E. Goetz and S. Shenoi (Eds), Critical Infrastructure Protection, Springer, Boston, MA, pp. 297–310.
• [8] Kalantarnia, M., Khan, F. and Hawboldt, K. (2009). Dynamic risk assessment using failure assessment and Bayesian theory, Journal of Loss Prevention in the Process Industries 22(5): 600–606.
• [9] Karbowski, A., Malinowski, K., Szwaczyk, S. and Jaskóła, P. (2019). Critical infrastructure risk assessment using Markov chain model, Journal of Telecommunications and Information Technology 2019(2): 15–20.
• [10] Khan, F., Hashemi, S.J., Paltrinieri, N., Amyotte, P., Cozzani, V. and Reniers, G. (2016). Dynamic risk management: A contemporary approach to process safety management, Current Opinion in Chemical Engineering 14: 9–17.
• [11] Kołodziej, J. and Xhafa, F. (2011). Modern approaches to modeling user requirements on resource and task allocation in hierarchical computational grids, International Journal of Applied Mathematics and Computer Science 21(2): 243–257, DOI: 10.2478/v10006-011-0018-x.
• [12] König, S., Schaberreiter, T., Rass, S. and Schauer, S. (2019). A measure for resilience of critical infrastructures, in E. Luiijf et al. (Eds), Critical Information Infrastructures Security, Springer, Cham, pp. 57–71.
• [13] Lian, C. and Haimes, Y.Y. (2006). Managing the risk of terrorism to interdependent infrastructure systems through the dynamic inoperability input–output model, Systems Engineering 9(3): 241–258.
• [14] López, Pastor, D. and Villalba, L.J.G. (2013). Dynamic risk assessment in information systems: State-of-the-art, Proceedings of the 6th International Conference on Information Technology (ICIT 2013), Amman, Jordan, pp. 1–9.
• [15] Malinowski, K. and Karbowski, A. (2019). Hierarchical on-line risk assessment at national level, International Conference on Military Communications and Information Systems (ICMCIS 2019), Budva, Montenegro, pp. 1–5.
• [16] Mesarović, M., Macko, D. and Takahara, Y. (1970). Theory of Multi-Level Hierarchical Systems, Academic Press, New York, NY.
• [17] Naumov, S. and Kabanov, I. (2016). Dynamic framework for assessing cyber security risks in a changing environment, Proceedings of the 2016 International Conference on Information Science and Communication Technologies (ICISCT 2016), Tashkent, Uzbekistan, pp. 1–4.
• [18] NIST (2012). Guide for conducting risk assessments, information security, NIST special publication 800-30, Revision 1, Technical report, US Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MD.
• [19] Poolsappasit, N., Dewri, R. and Ray, I. (2012). Dynamic security risk management using Bayesian attack graphs, IEEE Transactions on Dependable and Secure Computing 9(1): 61–74.
• [20] Rausand, M. (2011). Risk Assessment; Theory, Methods, and Applications, Wiley, Hoboken, NJ.
• [21] Settanni, G., Skopik, F., Shovgenya, Y., Fiedler, R., Carolan, M., Conroy, D., Boettinger, K., Gall, M., Brost, G., Ponchel, C., Haustein, M., Kaufmann, H., Theuerkauf, K. and Olli, P. (2017). A collaborative cyber incident management system for European interconnected critical infrastructures, Journal of Information Security and Applications 34(2): 166–182.
• [22] Skopik, F., Settanni, G. and Fiedler, R. (2016). A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing, Computers & Security 60: 154–176.
• [23] Szwed, P. and Skrzyński, P. (2014). A new lightweight method for security risk assessment based on fuzzy cognitive maps, International Journal of Applied Mathematics and Computer Science 24(1): 213–225, DOI: 10.2478/amcs-2014-0016.
• [24] Viduto, V., Maple, C., Huang, W. and López-Peréz, D. (2012). A novel risk assessment and optimization model for a multi-objective network security countermeasure selection problem, Decision Support Systems 53(3): 569–610.
• [25] Zhang, Q., Zhou, C., Xiong, N., Qin, Y., Li, X. and Huang, S. (2016). Multimodel-based incident prediction and risk assessment in dynamic cybesecurity protection for industrial control systems, IEEE Transactions on Systems, Man and Cybernetics 46(10): 1426–1444.
• [26] Zwikael, O. and Smyrk, J. (2019). Project Management: A Benefit Realisation Approach, Springer, Cham.

Uwagi

PL

Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2020).