Geodesic
Real-time hierarchical predictive risk assessment at the national level: Mutually agreed predicted service disruption profiles
International Journal of Applied Mathematics and Computer Science, Tome 30 (2020) no. 3, pp. 597-609.

Voir la notice de l'article provenant de la source Library of Science

We present a real-time hierarchical approach to an on-line risk assessment at the national level taking into account both local risk analyses performed by key service operators and relevant interdependencies between those services. For this purpose we define mutually agreed predicted service disruption profiles and then propose a coordination mechanism to align those profiles. A simple, four-entity example is provided to illustrate the coordination.
Keywords: risk assessment, cyber security, hierarchical approach, service disruption profile, coordination mechanism
Mots-clés : szacowanie ryzyka, bezpieczeństwo cyfrowe, podejście hierarchiczne 
@article{IJAMCS_2020_30_3_a14,
     author = {Malinowski, Krzysztof and Karbowski, Andrzej},
     title = {Real-time hierarchical predictive risk assessment at the national level: {Mutually} agreed predicted service disruption profiles},
     journal = {International Journal of Applied Mathematics and Computer Science},
     pages = {597--609},
     publisher = {mathdoc},
     volume = {30},
     number = {3},
     year = {2020},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/IJAMCS_2020_30_3_a14/}
}
TY  - JOUR
AU  - Malinowski, Krzysztof
AU  - Karbowski, Andrzej
TI  - Real-time hierarchical predictive risk assessment at the national level: Mutually agreed predicted service disruption profiles
JO  - International Journal of Applied Mathematics and Computer Science
PY  - 2020
SP  - 597
EP  - 609
VL  - 30
IS  - 3
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/IJAMCS_2020_30_3_a14/
LA  - en
ID  - IJAMCS_2020_30_3_a14
ER  - 
%0 Journal Article
%A Malinowski, Krzysztof
%A Karbowski, Andrzej
%T Real-time hierarchical predictive risk assessment at the national level: Mutually agreed predicted service disruption profiles
%J International Journal of Applied Mathematics and Computer Science
%D 2020
%P 597-609
%V 30
%N 3
%I mathdoc
%U http://geodesic.mathdoc.fr/item/IJAMCS_2020_30_3_a14/
%G en
%F IJAMCS_2020_30_3_a14
Malinowski, Krzysztof; Karbowski, Andrzej. Real-time hierarchical predictive risk assessment at the national level: Mutually agreed predicted service disruption profiles. International Journal of Applied Mathematics and Computer Science, Tome 30 (2020) no. 3, pp. 597-609. http://geodesic.mathdoc.fr/item/IJAMCS_2020_30_3_a14/

[1] Bertsekas, D. and Tsitsiklis, J. (1989). Parallel and Distributed Computation: Numerical Methods, Prentice Hall, Englewood Cliffs, NJ.

[2] EU (2016). Directive (EU) 2016/1148 of the European Parliament and of the Council of the European Union of 6 July 2016 concerning measures for a high common level of security of network and information systems across the union, Official Journal of the European Union 59: L194/1–L194/30.

[3] ENISA (2013). National-level risk assessments an analysis report—Executive summary, Technical report, European Union Agency for Network and Information Security, Heraklion.

[4] Findeisen, W., Bailey, F.N., Brdyś, M., Malinowski, K., Tatjewski, P. and Woźniak, A. (1980). Control and Coordination in Hierarchical Systems, Wiley, Chichester.

[5] Frommer, A. (1991). Generalized nonlinear diagonal dominance and applications to asynchronous iterative methods, Journal of Computational and Applied Mathematics 38(1): 105–124.

[6] Haimes, Y. (2016). Risk Modeling, Assessment, and Management (4th Edition), Wiley, Hoboken, NJ.

[7] Haimes, Y., Santos, J., Crowther, K., Henry, M., Lian, C. and Yan, Z. (2007). Risk analysis in interdependent infrastructure, in E. Goetz and S. Shenoi (Eds), Critical Infrastructure Protection, Springer, Boston, MA, pp. 297–310.

[8] Kalantarnia, M., Khan, F. and Hawboldt, K. (2009). Dynamic risk assessment using failure assessment and Bayesian theory, Journal of Loss Prevention in the Process Industries 22(5): 600–606.

[9] Karbowski, A., Malinowski, K., Szwaczyk, S. and Jaskóła, P. (2019). Critical infrastructure risk assessment using Markov chain model, Journal of Telecommunications and Information Technology 2019(2): 15–20.

[10] Khan, F., Hashemi, S.J., Paltrinieri, N., Amyotte, P., Cozzani, V. and Reniers, G. (2016). Dynamic risk management: A contemporary approach to process safety management, Current Opinion in Chemical Engineering 14: 9–17.

[11] Kołodziej, J. and Xhafa, F. (2011). Modern approaches to modeling user requirements on resource and task allocation in hierarchical computational grids, International Journal of Applied Mathematics and Computer Science 21(2): 243–257, DOI: 10.2478/v10006-011-0018-x.

[12] König, S., Schaberreiter, T., Rass, S. and Schauer, S. (2019). A measure for resilience of critical infrastructures, in E. Luiijf et al. (Eds), Critical Information Infrastructures Security, Springer, Cham, pp. 57–71.

[13] Lian, C. and Haimes, Y.Y. (2006). Managing the risk of terrorism to interdependent infrastructure systems through the dynamic inoperability input–output model, Systems Engineering 9(3): 241–258.

[14] López, Pastor, D. and Villalba, L.J.G. (2013). Dynamic risk assessment in information systems: State-of-the-art, Proceedings of the 6th International Conference on Information Technology (ICIT 2013), Amman, Jordan, pp. 1–9.

[15] Malinowski, K. and Karbowski, A. (2019). Hierarchical on-line risk assessment at national level, International Conference on Military Communications and Information Systems (ICMCIS 2019), Budva, Montenegro, pp. 1–5.

[16] Mesarović, M., Macko, D. and Takahara, Y. (1970). Theory of Multi-Level Hierarchical Systems, Academic Press, New York, NY.

[17] Naumov, S. and Kabanov, I. (2016). Dynamic framework for assessing cyber security risks in a changing environment, Proceedings of the 2016 International Conference on Information Science and Communication Technologies (ICISCT 2016), Tashkent, Uzbekistan, pp. 1–4.

[18] NIST (2012). Guide for conducting risk assessments, information security, NIST special publication 800-30, Revision 1, Technical report, US Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MD.

[19] Poolsappasit, N., Dewri, R. and Ray, I. (2012). Dynamic security risk management using Bayesian attack graphs, IEEE Transactions on Dependable and Secure Computing 9(1): 61–74.

[20] Rausand, M. (2011). Risk Assessment; Theory, Methods, and Applications, Wiley, Hoboken, NJ.

[21] Settanni, G., Skopik, F., Shovgenya, Y., Fiedler, R., Carolan, M., Conroy, D., Boettinger, K., Gall, M., Brost, G., Ponchel, C., Haustein, M., Kaufmann, H., Theuerkauf, K. and Olli, P. (2017). A collaborative cyber incident management system for European interconnected critical infrastructures, Journal of Information Security and Applications 34(2): 166–182.

[22] Skopik, F., Settanni, G. and Fiedler, R. (2016). A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing, Computers Security 60: 154–176.

[23] Szwed, P. and Skrzyński, P. (2014). A new lightweight method for security risk assessment based on fuzzy cognitive maps, International Journal of Applied Mathematics and Computer Science 24(1): 213–225, DOI: 10.2478/amcs-2014-0016.

[24] Viduto, V., Maple, C., Huang, W. and López-Peréz, D. (2012). A novel risk assessment and optimization model for a multi-objective network security countermeasure selection problem, Decision Support Systems 53(3): 569–610.

[25] Zhang, Q., Zhou, C., Xiong, N., Qin, Y., Li, X. and Huang, S. (2016). Multimodel-based incident prediction and risk assessment in dynamic cybesecurity protection for industrial control systems, IEEE Transactions on Systems, Man and Cybernetics 46(10): 1426–1444.

[26] Zwikael, O. and Smyrk, J. (2019). Project Management: A Benefit Realisation Approach, Springer, Cham.