• Title/Summary/Keyword: Security Risk

Search Result 1,265, Processing Time 0.028 seconds

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

  • Song, Jae-Gu;Lee, Jung-Woon;Lee, Cheol-Kwon;Kwon, Kee-Choon;Lee, Dong-Young
    • Nuclear Engineering and Technology
    • /
    • v.44 no.8
    • /
    • pp.919-928
    • /
    • 2012
  • The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

A Study on the Feature and Countermeasure on Maritime Security threats in Korea (국내 해상보안 위협의 유형별 특성과 대응방안)

  • Lim Hee Jun;Kim Dong Hyug;Son Hyun Min;Lee Eun Bang
    • Proceedings of KOSOMES biannual meeting
    • /
    • 2003.11a
    • /
    • pp.99-104
    • /
    • 2003
  • The maritime security risk has been recognized since the terrorists attacked the world trade center and the Pentagon In this paper, maritime security risk is analyzed on the basis if the data of crime in Korean sea We propose the countermeasures to prevent maritime security threats

  • PDF

An Intelligent Game Theoretic Model With Machine Learning For Online Cybersecurity Risk Management

  • Alharbi, Talal
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.6
    • /
    • pp.390-399
    • /
    • 2022
  • Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of Risk models are detections, analyses, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users. customers. However, rather of relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.

A Study on the Impact of Security Risk on the Usage of Knowledge Management System : Focus on Parameter of Trust (보안위험 수준이 지식관리시스템의 성공에 미치는 영향 : '신뢰'를 매개변인으로)

  • Ahn, Joong-Ho;Choi, Kyu-Chul;Sung, Ki-Moon;Lee, Jae-Hong
    • The Journal of Society for e-Business Studies
    • /
    • v.15 no.4
    • /
    • pp.143-163
    • /
    • 2010
  • The purpose of this study is to investigate the user's perception of security risk and examine its impact on the usage of Knowledge Management Systems(KMS). The findings of this study are three-fold. First, the overall user's perception of security risk is not high. However, there is a considerably big difference in the perception of security risk among users. This finding means that user's perception of a security risk is not based on the actual security effects but one's individual perception. Another finding is that user's perception of a security risk has a negative impact on the usage of KMS through "trust", which is a mediating variable in our study. This finding corresponds with the existing theory that security risk is oneof the critical sources of trust, and trust is a critical factor of user's acceptance of KMS. Finally, the result of this study reveals that activities devoted to security do not decrease the effectiveness and productivity of KMS. Our long-held cognition that security activity hinders the effectiveness and productivity of an information system is not particularly applied to the KMS.

An Investigation of the Factors that Influence the Compliance to Information Security Policy: From Risk Compensation Theory (정보보안 정책 준수에 영향을 미치는 요인: 위험보상이론 관점에서)

  • Yim, Myung-Seong;Han, Kun Hee
    • Journal of Digital Convergence
    • /
    • v.11 no.10
    • /
    • pp.153-168
    • /
    • 2013
  • Information security has been a major concern in organizations. The longstanding question of how to improve employees security behaviors and reduce human errors remains unanswered and requires further exploration in the information security domain. To do this, we propose a risk compensation theory-based model and examine the model. Research results shows that the relationships between information security countermeasures and information security compliance intention of employees are moderated by system vulnerability. However, the finding is contrary to the previously held risk compensation assumption and deserve further study. In addition, system quality does not play a moderator role in the relationship. Conclusions and implications are discussed.

Application of STPA-SafeSec for a cyber-attack impact analysis of NPPs with a condensate water system test-bed

  • Shin, Jinsoo;Choi, Jong-Gyun;Lee, Jung-Woon;Lee, Cheol-Kwon;Song, Jae-Gu;Son, Jun-Young
    • Nuclear Engineering and Technology
    • /
    • v.53 no.10
    • /
    • pp.3319-3326
    • /
    • 2021
  • As a form of industrial control systems (ICS), nuclear instrumentation and control (I&C) systems have been digitalized increasingly. This has raised in turn cyber security concerns. Cyber security for ICS is important because cyber-attacks against ICS can cause not only equipment damage and loss of production but also personal and public safety hazards unlike in general IT environments. Numerous risk analyses have been carried out to enhance the safety of ICS and recently, many studies related to the cyber security of ICS are being conducted. Many existing risk analyses and cyber security studies have considered safety and cyber security separately. However, both safety and cyber security perspectives should be considered when analyzing risks for complex and critical ICS facilities such as nuclear power plants (NPPs). In this paper, the STPA-SafeSec methodology is selected to consider both safety and security perspectives when performing a risk analysis for NPPs in order to assess impacts on the safety by cyber-attacks against the digital I&C systems. The STPA-SafeSec methodology was applied to a test-bed system that simulates a condensate water (CD) system in an NPP. The process of the application up to the development of mitigation strategies is described in detail.

A Study on Supply Chain Risk Management of Automotive (자동차 공급망 위험관리(A-SCRM) 방안 연구)

  • Kim, Dong-won;Han, Keun-hee;Jeon, In-seok;Choi, Jin-yung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.793-805
    • /
    • 2015
  • Due to the rise of automotive security problems following automotive safety and the progress of the internet technology leading to a hyper-connected society, guaranteeing the safety of automotive requires security plans in the supply chain assurance and automotive software, and risk management plans for identifying, evaluating, and controlling the risks that may occur from the supply chain since the modern automotive is a Safety Critical system. In this paper, we propose a study on Automotive Supply Chain Risk Management (A-SCRM) procedures by person interested within the automotive Life-Cycle.

A study on the influence of information security in selecting smart-phone (정보보안이 스마트폰 선택에 미치는 영향에 관한 연구)

  • Ahn, Jong-Chang;Lee, Seung-Won;Lee, Ook;Cho, Sung-Phil
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.1
    • /
    • pp.207-214
    • /
    • 2014
  • Recently, smartphone spyware resembles various types of virus components in PCs and has trends getting more and more severe. Users do not perceive the risk factors severely even if smartphone security is very vulnerable in spite of the smartphone spyware growth. Thus, this study observes the influence of information security in selecting smartphone based on the personal inclinations and spyware perceptions. The main variables of study model are such as the degree of personal risk-accepting and the risk of smartphone spyware as independent variables and smartphone purchasing intention as a dependent variable. The model is tested using SPSS 21 packages on the effective 200 samples gathered through questionnaire survey on the present smartphone users. As a result, the two main hypotheses which are "the degree of personal risk-accepting will influence on the perceiving risk of smartphone spyware" and "the perceiving risk of smartphone spyware will influence on smartphone purchasing intention" were significant statistically. Therefore, we could find out information security's influence on the selecting smartphone.

Security Risk Evaluation Scheme for Effective Threat Management (효과적인 위협관리를 위한 보안 위험도 평가기법)

  • Kang, Pil-Yong
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.36 no.5
    • /
    • pp.380-386
    • /
    • 2009
  • It is most important that identifying security threats(or vulnerabilities) of critical IT assets and checking the propriety of related security countermeasures in advance for enhancing security level. In this paper, we present a new security risk evaluation scheme based on critical assets and threats for this. The presented scheme provides the coverage and propriety of the countermeasures(e.g., intrusion detection rules and vulnerability scan rules, etc.), and the quantitative risk level of identified assets and threats. So, it is expected that the presented scheme will be utilized in threat management process efficiently compared to previous works.

FLORA: Fuzzy Logic - Objective Risk Analysis for Intrusion Detection and Prevention

  • Alwi M Bamhdi
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.5
    • /
    • pp.179-192
    • /
    • 2023
  • The widespread use of Cloud Computing, Internet of Things (IoT), and social media in the Information Communication Technology (ICT) field has resulted in continuous and unavoidable cyber-attacks on users and critical infrastructures worldwide. Traditional security measures such as firewalls and encryption systems are not effective in countering these sophisticated cyber-attacks. Therefore, Intrusion Detection and Prevention Systems (IDPS) are necessary to reduce the risk to an absolute minimum. Although IDPSs can detect various types of cyber-attacks with high accuracy, their performance is limited by a high false alarm rate. This study proposes a new technique called Fuzzy Logic - Objective Risk Analysis (FLORA) that can significantly reduce false positive alarm rates and maintain a high level of security against serious cyber-attacks. The FLORA model has a high fuzzy accuracy rate of 90.11% and can predict vulnerabilities with a high level of certainty. It also has a mechanism for monitoring and recording digital forensic evidence which can be used in legal prosecution proceedings in different jurisdictions.