• Journal of Information Processing Systems
• /
• 제16권1호
• /
• pp.61-82
• /
• 2020

The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

• 국제학술발표논문집
• /
• The 3th International Conference on Construction Engineering and Project Management
• /
• pp.292-301
• /
• 2009

The employment of risk management theory in Urban Disaster Management System (UDMS) has become an important trend in recent years. The viewpoint of risk management is mainly a comprehensive risk assessment of various internal and external factors, and a subsequent handling of risks. Through continuous and systematic accumulation and analysis of risk information, disaster prevention and rescue system is established. Taking risk management theory as the foundation, Organization for Economic Cooperation and Development (OECD) has developed a series of UDMS in the mega-cities all over the world. With this system as a common platform, OECD cooperates with different cities to develop disaster prevention and rescue system consisting of vulnerability assessment methods, risk assessment and countermeasures. The paper refers to the urban disaster vulnerability assessment and risk management of OECD and the mega-cities of different advanced and developed countries in the world, and then constructs a preliminarily drafted structure for the vulnerability assessment methods and risk management mechanism in the metropolitan districts of Taiwan.

• 인터넷정보학회논문지
• /
• 제14권3호
• /
• pp.23-33
• /
• 2013

최근 IT분야에서 클라우드 컴퓨팅 기술은 유연성, 효율성, 비용절감이라는 특징을 갖고 있어 현 사회에 빠르게 보급되고 있다. 그러나 클라우드 컴퓨팅 시스템은 보안의 취약점을 크게 갖고 있다. 본 연구에서는 클라우드 컴퓨팅 시스템 보안의 취약점 해결을 위해, 가상머신의 취약점에 대한 유형 및 영향분석 타입(impact type)을 정하고, 가상머신의 취약점에 대한 위험도 평가에 따른 우선순위를 정하였다. 취약점 분석을 위해서는 오픈프레임워크인 CVSS2.0을 기반으로 취약점에 대한 위험도 측정 기준을 정의하고 해당 취약점마다 점수를 매겨 위험도 측정을 체계화하였다. 제시된 취약점 위험도 기준은 취약점의 근본적인 특징을 제시하고 취약점에 대한 위험도를 제공하여 취약점 최소화를 위한 기술적 가이드를 작성하는 데에 활용 가능할 것으로 판단된다. 또한 제시된 취약점 위험도 기준은 연구내용 자체로 의미가 있으며 향후 추진될 기술 정책프로젝트에서 활용될 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권12호
• /
• pp.4531-4544
• /
• 2021

Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

• Safety and Health at Work
• /
• 제10권2호
• /
• pp.172-179
• /
• 2019

Background: Workers exposed to hazards without adequate protections are at greater risk of injury and illness. Supervisor activities have also been associated with injury risk. We examined the interplay between supervisor safety support and occupational health and safety (OHS) vulnerability on workplace injury and illness. Methods: A survey was administered to 2,390 workers employed for more than 15 hrs/week in workplaces with at least five employees who had a direct supervisor. We examined the combined effects of hazard exposure with inadequate protection (OHS vulnerability) and supervisor support on workplace injury and illness, using additive interactions in log-binomial regression models. Results: OHS vulnerability and lack of supervisor support independently increased the likelihood of physical injuries at work. Crude and adjusted models showed that the risk of physical injury was at least 3.5 times higher among those experiencing both OHS vulnerability and a lack of supervisor support than individuals without OHS vulnerability and with a supportive direct supervisor. Workers who experienced vulnerability were at less risk if they had a supervisor who was supportive. Conclusion: In workplaces where workers experience one or more types of OHS vulnerability, having a supportive supervisor may play an important role in reducing the risk of injury and protecting workers.

• Journal of Multimedia Information System
• /
• 제4권2호
• /
• pp.57-64
• /
• 2017

Numerous software vulnerabilities have been found in the popular operating systems. And recently, robust linear behaviors in software vulnerability discovery process have been noticeably observed among the many popular systems having multi-versions released. Software users need to estimate how much their software systems are risk enough so that they need to take an action before it is too late. Security vulnerabilities are discovered throughout the life of a software system by both the developers, and normal end-users. So far there have been several vulnerability discovery models are proposed to describe the vulnerability discovery pattern for determining readiness for patch release, optimal resource allocations or evaluating the risk of vulnerability exploitation. Here, we apply a linear vulnerability discovery model into Windows operating systems to see the linear discovery trends currently observed often. The applicability of the observation form the paper show that linear discovery model fits very well with aggregate version rather than each version.

• International Journal of Naval Architecture and Ocean Engineering
• /
• 제12권1호
• /
• pp.541-551
• /
• 2020

Based on the trend, there have been numerous researches analysing the ship collision risk. However, in this scope, the navigational conditions and external environment are ignored or incompletely considered in training or/and real situation. It has been identified as a significant limitation in the navigational collision risk assessment. Therefore, a novel algorithm of the ship navigational collision risk solving system has been proposed based on basic collision risk and vulnerabilities of marine accidents. The vulnerability can increase the possibility of marine collision accidents. The factors of vulnerabilities including bad weather, tidal currents, accidents prone area, traffic congestion, operator fatigue and fishing boat operating area are involved in the fuzzy reasoning engines to evaluate the navigational conditions and environment. Fuzzy logic is employed to reason basic collision risk using Distance to Closest Point of Approach (DCPA) and Time of Closest Point of Approach (TCPA) and the degree of vulnerability in the specific coastal waterways. Analytical Hierarchy Process (AHP) method is used to obtain the integration of vulnerabilities. In this paper, vulnerability factors have been proposed to improve the collision risk assessment especially for non-SOLAS ships such as coastal operating ships and fishing vessels in practice. Simulation is implemented to validate the practicability of the designed navigational collision risk solving system.

• Journal of Multimedia Information System
• /
• 제8권4호
• /
• pp.259-266
• /
• 2021

Security vulnerabilities have been reported in major design software systems such as Adobe Photoshop and Illustrator, which are recognized as de facto standard design tools in most of the design industries. Companies need to evaluate and manage their risk levels posed by those vulnerabilities, so that they could mitigate the potential security bridges in advance. In general, security vulnerabilities are discovered throughout their life cycles repeatedly if software systems are continually used. Hence, in this study, we empirically analyze risk levels for the three major graphical design software systems, namely Photoshop, Illustrator and GIMP with respect to a software vulnerability discovery model. The analysis reveals that the Alhazmi-Malaiya Logistic model tends to describe the vulnerability discovery patterns significantly. This indicates that the vulnerability discovery model makes it possible to predict vulnerability discovery in advance for the software systems. Also, we found that none of the examined vulnerabilities requires even a single authentication step for successful attacks, which suggests that adding an authentication process in software systems dramatically reduce the probability of exploitations. The analysis also discloses that, for all the three software systems, the predictions with evenly distributed and daily based datasets perform better than the estimations with the datasets of vulnerability reporting dates only. The observed outcome from the analysis allows software development managers to prepare proactively for a hostile environment by deploying necessary resources before the expected time of vulnerability discovery. In addition, it can periodically remind designers who use the software systems to be aware of security risk, related to their digital work environments.

• 한국농공학회논문집
• /
• 제57권1호
• /
• pp.59-67
• /
• 2015

Because reservoirs that supply irrigation water play an important role in water resource management, it is necessary to evaluate the vulnerability of this particular water supply resource. The purpose of this study is to provide water supply risk maps of agricultural reservoirs in South Korea using irrigation vulnerability model and cluster analysis. To quantify water supply risk, irrigation vulnerability indices are estimated to evaluate the performance of the water supply on the agricultural reservoir system using a probability theory and reliability analysis. First, the irrigation vulnerability probabilities of 1,346 reservoirs managed by Korea Rural Community Corporation (KRC) were analyzed using meteorological data on 54 meteorological stations over the past 30 years (1981-2010). Second, using the K-mean method of non-hierarchical cluster analysis and pre-simulation approach, cluster analysis was applied to classify into three groups for characterizing irrigation vulnerability in reservoirs. The morphology index, watershed area, irrigated area, and ratio between watershed and irrigated area are selected as the clustering analysis parameters. It is suggested that the water supply risk map be utilized as a basis for the establishment of risk management measures, and could provide effective information for a reasonable decision making on drought risk mitigation.

• 해양환경안전학회지
• /
• 제26권3호
• /
• pp.227-232
• /
• 2020

This paper develops a risk index based on an indicator of risk assessment in terms of coastal activity location and accident type. The risk index is derived from a formula which adds the consequence of failure to a vulnerability value, then subtracts the mitigation value. Specifically, the consequence of failure is the number of casualties in coastal activity locations. An indicator of vulnerability refers to coastal environment elements and social elements. A pointer of mitigation includes managerial and organizational elements that indicate the capabilities of coastal activities. A risk rating of coastal activity location is found from a risk matrix consisting of the accident location and type. The purpose of this study is to prevent accidents at coastal activity locations by allowing the Coastal police guard to monitor effectively and inform visitors of potential risks.