• Asia pacific journal of information systems
• /
• v.21 no.4
• /
• pp.27-43
• /
• 2011

This article explores economic models that show the optimal level of information security investment in the presence of interdependent security risks, Using particular functional forms, the analysis shows that the relationship between the levels of security vulnerability and the levels of optimal security investments is affected by externalities caused by agents' correlated security risks. This article further illustrates that, compared to security investments in the situation of independent security risks, in order to maximize the expected benefits from security investments, an agent should invest a larger fraction of the expected loss from a security breach in the case of negative externalities, while an agent should spend a smaller fraction of the expected loss in the case of negative externalities.

• International Journal of Computer Science & Network Security
• /
• v.22 no.1
• /
• pp.69-76
• /
• 2022

At the current stage of globalization and European integration of Ukraine, the aspects related to the effective fight against corruption in the system of economic security of our country are receiving more and more attention, as they become a prerequisite for continuing reforms based on international funding. In order to consider this issue and solve this problem, the necessary step is to develop and implement real mechanisms of the system for detecting and preventing corrupt behavior, which are based on international anti-corruption standards. The leading component of this system is the management of corruption risks in the system of economic security in order to identify them and implement measures to reduce them. This study analyzes the corruption perception index in Ukraine in recent years, which showed a positive, albeit somewhat slow dynamics of its growth, indicating a gradual increase in overcoming corruption through the introduction of a number of anti-corruption measures and changes. It is proved that the current stage of socio-economic development of the country contributes to strengthening the processes of combating corruption and preventing corruption risks, creating an effective and efficient anti-corruption system of the state. The concept of "corruption" was studied, it was found that in the field of public administration it is considered from different positions and is closely related to the concept of "corruption risks". The essence and features of corruption risks are studied, the preconditions of their occurrence are formulated, the relationship between the causes of corruption risks and economic security in the field of public authority has been established. The system of corruption risk management is considered and its components are characterized. It is proposed to increase the effectiveness of anticorruption policy through the implementation of measures aimed at investigating the causes of corruption risks, as well as developed effective and effective means of reducing corruption risks within the system of economic security

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.79-101
• /
• 2012

This study expands the current body of research by exploring multiple scenarios of insufficient and excessive IT security investments caused by interdependent risks and the interplay between IT security investments and cyber insurance. A key finding is that organizations experiencing interdependent risks with different types of cyber attacks (i.e., targeted and untargeted attacks) use different strategies in making IT security investment decisions and in purchasing cyber insurance policies for their information security risk management than firms that are facing independent risks. The study further provides an economic rationale for employing insurance mechanisms as a risk management solution for information security.

• IE interfaces
• /
• v.16 no.4
• /
• pp.421-431
• /
• 2003

Due to the increasing complexity of the information systems environment, modern information systems are facing more difficult and various security risks than ever, there by calling for a higher level of security safeguard. In this paper, an information technology security risk management model, which modified by adopting the concept of business processes, is applied to client/server distributed systems. The results demonstrate a high level of risk-detecting performance of the model, by detecting various kinds of security risks. In addition, a practical and efficient security control safeguard to cope with the identified security risks are suggested. Namely, using the proposed model, the risks on the assets in both of the I/O stage(on client side) and the request/processing stage(on server side), which can cause serious problems on business processes, are identified and the levels of the risks are analyzed. The analysis results show that maintenance of management and access control to application systems are critical in the I/O stage, while managerial security activities including training are critical in the request/processing stage.

• Journal of Navigation and Port Research
• /
• v.37 no.6
• /
• pp.709-718
• /
• 2013

In this study, AHP analysis was conducted through a survey that was organized by 9 job categories. The results show that sustainable operation risks have the highest priority level among all criteria with management interest having the highest priority level within sustainable operation risks related attributes. The most important risk attributes among stakeholder risks appeared to be asset security and cargo and conveyance security, with education and training being the most important among regulatory risks. Effective management and response to the risks from export controls on strategic trade require an understanding of supply chain security and compliance programs, effective training programs, investments for development of security systems that meet international standards. In addition, the government needs to focus on developing professionals and providing support for companies with compliance programs, working closely with businesses.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.3
• /
• pp.1408-1416
• /
• 2011

Cloud computing provides not only cost savings and efficiencies for computing resources, but the ability to expend and enhance services. However, cloud service users(enterprisers) are very concerned about the risks created by the characteristics of cloud computing. In this paper, we discuss major concerns about cloud computing environments including concerns regarding security. We also analyze the security concerns specifically, identify threats to cloud computing, and propose general countermeasures to reduce the security risks.

• Knowledge Management Research
• /
• v.16 no.4
• /
• pp.35-45
• /
• 2015

Fintech, which means the convergence of finance and information technology, becomes a hot topic in the financial sector. Through innovative activities on financial services, ICT(Information and Communication Technology) is integrated into the overall financial industry, and a new form of financial services could be expected to improve the existing financial system. On the other hand, fintech services are relatively vulnerable to security issues. Due to the process simplication and the channel fusion, the leakage of personal and financial informations, authentication bypass, phishing, and pharming are getting more concerned. In this study we investigated the security risk of fintech services in the viewpoints of service provider, technology adoption, and security policy. The possible countermeasures to reduce those risks are suggested because security is an important criterion for selecting financial services. This study basically offers quantification of the potential security risks and step-by-step control measures about business processes in the fintech services. The suggested security model includes user authentication, terminal security, payment information protection, API(Application Programming Interface) security, and abnormal transaction monitoring. This study might contribute to an understanding of the security risks and some possible measures for mitigating those risks on the practical perspective.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.865-882
• /
• 2017

To improve passenger convenience and safety, today's vehicle is evolving into a "connected vehicle," which mounts various sensors, electronic control devices, and wired/wireless communication devices. However, as the number of connections to external networks via the various electronic devices of connected vehicles increases and the internal structures of vehicles become more complex, there is an increasing chance of encountering issues such as malfunctions due to various functional defects and hacking. Recalls and indemnifications due to such hacking or defects, which may occur as vehicles evolve into connected vehicles, are becoming a new risk for automakers, causing devastating financial losses. Therefore, automakers need to make voluntary efforts to comply with security ethics and strengthen their responsibilities. In this study, we investigated potential security issues that may occur under a connected vehicle environment (vehicle-to-vehicle, vehicle-to-infrastructure, and internal communication). Furthermore, we analyzed several case studies related to automaker's legal risks and responsibilities and identified the security requirements and necessary roles to be played by each player in the automobile development process (design, manufacturing, sales, and post-sales management) to enhance their responsibility, along with measures to manage their legal risks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.7
• /
• pp.2892-2913
• /
• 2016

Network virtualization promises to play a dominant role in shaping the future Internet by overcoming the Internet ossification problem. However, due to the injecting of additional virtualization layers into the network architecture, several new security risks are introduced by the network virtualization. Although traditional protection mechanisms can help in virtualized environment, they are not guaranteed to be successful and may incur high security overheads. By performing the virtual network (VN) embedding in a security-aware way, the risks exposed to both the virtual and substrate networks can be minimized, and the additional techniques adopted to enhance the security of the networks can be reduced. Unfortunately, existing embedding algorithms largely ignore the widespread security risks, making their applicability in a realistic environment rather doubtful. In this paper, we attempt to address the security risks by integrating the security factors into the VN embedding. We first abstract the security requirements and the protection mechanisms as numerical concept of security demands and security levels, and the corresponding security constraints are introduced into the VN embedding. Based on the abstraction, we develop three security-risky modes to model various levels of risky conditions in the virtualized environment, aiming at enabling a more flexible VN embedding. Then, we present a mixed integer linear programming formulation for the VN embedding problem in different security-risky modes. Moreover, we design three heuristic embedding algorithms to solve this problem, which are all based on the same proposed node-ranking approach to quantify the embedding potential of each substrate node and adopt the k-shortest path algorithm to map virtual links. Simulation results demonstrate the effectiveness and efficiency of our algorithms.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.586-596
• /
• 2021

Software organisations follow different methodologies for the development of software. The software development methodologies are mainly divided into two categories, including plan-driven and agile development. To attain project success, it is very significant to consider risk management during whole project. Agile development is considered risk-driven, but many risks are unreported at the industrial level. The risks can be divided into three categories, including (i) development risks, (ii) organisations risks, and (iii) people-oriented risks. This paper deals with Development risks specifically. Several risks related to development are faced by people working in the industry while dealing with agile development. Their management among the industry is a big issue, so this paper emphasises ARMF based on development-related risks by following agile development. This research work will help software organisations to prevent different project-related risks during agile development. The risks are elicited at two-level, (i) literature-based and (ii) IT industry based. A systematic literature review was performed for eliciting the agile risks from the literature. Detailed case studies and survey research methods were applied for eliciting risks from IT industry. Finally, we merged the agile development risks from literature with standard industrial risks. Hence, we established an agile risk mitigation framework ARMF based on agile development and present a groundwork established in light of empirical examination for extending it in future research.