• Journal of Korean Society for Quality Management
• /
• v.44 no.2
• /
• pp.373-388
• /
• 2016

Purpose: This paper suggests a hierarchical time delay model to evaluate failure risks in FMEA(failure modes and effects analysis). In place of the conventional RPN(risk priority number), a more reasonable and objective risk metric is proposed under hierarchical failure cause structure considering time delay between a failure mode and its causes. Methods: The structure of failure modes and their corresponding causes are analyzed together with the time gaps between occurrences of causes and failures. Assuming the severity of a failure depends on the length of the delayed time for corrective action, a severity model is developed. Using the expected severity, a risk priority metric is defined. Results: For linear and quadratic types of severity, nice forms of expected severity are derived and a meaningful metric for risk evaluation is defined. Conclusion: The suggested REM(risk evaluation metric) provides a more reasonable and objective risk measure than the conventional RPN for FMEA.

• Journal of the Korean Society of Safety
• /
• v.33 no.3
• /
• pp.83-91
• /
• 2018

This paper suggests a weibull time delay model to evaluate failure risks in FMEA(failure modes and effects analysis). Assuming three types of loss functions for delayed time in failure cause detection, the risk of each failure cause is evaluated as its occurring frequency and expected loss. Since the closed form solution of the risk metric cannot be obtained, a statistical computer software R program is used for numerical calculation. When the occurrence and detection times have a common shape parameter, though, some simple results of mathematical derivation are also available. As an enormous quantity of field data becomes available under recent progress of data acquisition system, the proposed risk metric will provide a more practical and reasonable tool for evaluating the risks of failure causes in FMEA.

• Journal of Korean Society for Quality Management
• /
• v.42 no.4
• /
• pp.543-562
• /
• 2014

Purpose: The purpose of this study is to suggest a modified approach that compensates some shortcomings of RPN with relevant strength of ASIL for Safety System and suggests systematic and logical approach for FMEA. Methods: By comparing the objectives, determination procedures, and key conceptual differences of RPN and ASIL, a refined method of risk evaluation and a new risk metric are devised. Results: While the traditional FMEA provides only rough evaluation of relative risk for each failure, the proposed method compensates its shortcomings with relevant strength of ASIL and provides a more logical and practical procedure of risk evaluation. Conclusion: The new metric RPM provides not only a comparative priority rank but also the degree of physical seriousness. Besides, it may have even more benefits for various applications if the severity can be expressed as mone tary amount of losses.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.2
• /
• pp.138-153
• /
• 2010

The interactions between people who do not know each other have been greatly increased with the on-going increase of people's cyberspace activities. In this situation, there exist potential risk factors such as the possibility of fraud, so we need a method to reduce or eliminate those risk factors. Concerning this necessity, rating systems are widely used, and many trust metrics calculated from rate values that people give to each other are proposed to help them make decisions. However, the trust metrics decrease the accuracy, and this is caused by the different rating scales and ranges of each person. So, we propose a fuzzy adjustment method to solve this problem. It is possible to catch the exact meaning of the trust value that each person selects through applying fuzzy sets, which improve the accuracy of the trust metric calculated from the trust values. We have applied our fuzzy adjustment method to the TidalTrust algorithm, a representative algorithm for calculating the local scalar trust metric, and we performed an experimental evaluation with four data sets and three evaluation methods.

• Journal of Digital Convergence
• /
• v.15 no.6
• /
• pp.219-227
• /
• 2017

Network access control should be able to effectively block security threats to the IT infrastructure, such as unauthorized access of unauthorized users and terminals, and illegal access of employees to internal servers. From this perspective, it is necessary to build metrics based on relevant standards to ensure that security is being met. Therefore, it is necessary to organize the method for security evaluation of NAC according to the related standards. Therefore, this study builds a model that combines the security evaluation part of ISO / IEC 15408 (CC: Common Criteria) and ISO 25000 series to develop security metric of network access control system. For this purpose, we analyzed the quality requirements of the network access control system and developed the convergence evaluation metric for security of the two international standards. It can be applied to standardization of evaluation method for network access control system in the future by constructing evaluation model of security quality level of network access control system.

• Journal of the Korean Society of Safety
• /
• v.31 no.4
• /
• pp.136-142
• /
• 2016

The FMEA is a widely used technique to pre-evaluate and avoid risks due to potential failures for developing an improved design. The conventional FMEA does not consider the possible time gap between occurrence and detection of failure cause. When a failure cause is detected and corrected before the failure itself occurs, there will be no other effect except the correction cost. But, if its cause is detected after the failure actually occurs, its effects will become more severe depending on the duration of the uncorrected failure. Taking this situation into account, a risk metric is developed as an alternative to the RPN of the conventional FMEA. The severity of a failure effect is first modeled as linear and quadratic severity functions of undetected failure time duration. Assuming exponential probability distribution for occurrence and detection time of failures and causes, the expected severity is derived for each failure cause. A new risk metric REM is defined as the product of a failure cause occurrence rate and the expected severity of its corresponding failure. A numerical example and some discussions are provided for illustration.

• Journal of Digital Convergence
• /
• v.15 no.12
• /
• pp.303-311
• /
• 2017

As new information technology emerges, companies are introducing an Enterprise Security Management system to cope with new security threats, reducing redundant investments and waste of resources and counteracting security threats. Therefore, it is necessary to construct a security evaluation metric based on related standards to demonstrate that the Enterprise Security Management(ESM) System meets security. Therefore, in order to construct a metric for evaluating the security of the ESM, this study analyzed the security quality related requirements of the ESM and constructed a metric for measuring the degree of satisfaction. This metric provides synergies through the unification of security assessments that comply with ISO/IEC 15408 and ISO/IEC 25000 standards. It is expected that the evaluation model of the security quality level of ESM will be established and the evaluation method of ESM will be standardized in the future.

• Safety and Health at Work
• /
• v.8 no.2
• /
• pp.206-211
• /
• 2017

Background: Self-reported low back pain (LBP) has been evaluated in relation to material handling lifting tasks, but little research has focused on relating quantifiable stressors to LBP at the individual level. The National Institute for Occupational Safety and Health (NIOSH) Composite Lifting Index (CLI) has been used to quantify stressors for lifting tasks. A chemical exposure can be readily used as an exposure metric or stressor for chemical risk assessment (RA). Defining and quantifying lifting nonchemical stressors and related adverse responses is more difficult. Stressor-response models appropriate for CLI and LBP associations do not easily fit in common chemical RA modeling techniques (e.g., Benchmark Dose methods), so different approaches were tried. Methods: This work used prospective data from 138 manufacturing workers to consider the linkage of the occupational stressor of material lifting to LBP. The final model used a Bayesian random threshold approach to estimate the probability of an increase in LBP as a threshold step function. Results: Using maximal and mean CLI values, a significant increase in the probability of LBP for values above 1.5 was found. Conclusion: A risk of LBP associated with CLI values > 1.5 existed in this worker population. The relevance for other populations requires further study.

• Earthquakes and Structures
• /
• v.14 no.6
• /
• pp.577-587
• /
• 2018

The quantitative assessment of the seismic collapse risk of a structure requires the usage of an optimal intensity measure (IM) which can adequately characterise the severity of the ground motion. Research suggests that the average spectral acceleration ($Sa_{avg}$) may be an efficient and sufficient alternate IM as compared to the more traditional first mode spectral acceleration, $Sa(T_1)$, particularly during seismic collapse risk estimation. This study primarily presents a comparative evaluation of the sufficiency of the average spectral acceleration with respect to ground motion duration, and secondarily assesses the impact of ground motion duration on collapse risk estimation. By assembling a suite of 100 historical ground motions, incremental dynamic analysis of 60 different inelastic single-degree-of-freedom (SDF) oscillators with varying periods and ductility capacities were analysed, and collapse risk estimates obtained. Linear regression models are used to comparatively quantify the sufficiency of $Sa_{avg}$ and $Sa(T_1)$ using four significant duration metrics. Results suggests that an improved sufficiency may exist for $Sa_{avg}$ when the period of the SDF system increases, particularly beyond 0.5, as compare to $Sa(T_1)$. In reference to the ground motion duration measures, results indicated that the sufficiency of $Sa_{avg}$ is more sensitive to significant duration definitions that consider almost the full wave train of an accelerogram ($SD_{a5-95}$ and $SD_{v5-95}$). In order to obtain a reduced variability of the collapse risk estimate, the 5-95% significant duration metric defined using the Arias integral ($SD_{a5-95}$) should be used for seismic collapse risk estimation in conjunction with $Sa_{avg}$.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.53-60
• /
• 2024

Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. CVSS has a problem that it cannot consider context in terms of subjectivity, complexity of interpretation, and security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITREATT&CK's technology by the connection between weaknesses and attack patterns (CAPEC). We use MITREATT&CK's Groups, Tactic, and Mitigations to produce consistent and intuitive scores. Accordingly, it is expected that security evaluation managers will have a positive impact on strengthening security such as corporate networks by expanding the range of choices among security indicators from various perspectives.