• 품질경영학회지
• /
• 제44권2호
• /
• pp.373-388
• /
• 2016

Purpose: This paper suggests a hierarchical time delay model to evaluate failure risks in FMEA(failure modes and effects analysis). In place of the conventional RPN(risk priority number), a more reasonable and objective risk metric is proposed under hierarchical failure cause structure considering time delay between a failure mode and its causes. Methods: The structure of failure modes and their corresponding causes are analyzed together with the time gaps between occurrences of causes and failures. Assuming the severity of a failure depends on the length of the delayed time for corrective action, a severity model is developed. Using the expected severity, a risk priority metric is defined. Results: For linear and quadratic types of severity, nice forms of expected severity are derived and a meaningful metric for risk evaluation is defined. Conclusion: The suggested REM(risk evaluation metric) provides a more reasonable and objective risk measure than the conventional RPN for FMEA.

• 한국안전학회지
• /
• 제33권3호
• /
• pp.83-91
• /
• 2018

This paper suggests a weibull time delay model to evaluate failure risks in FMEA(failure modes and effects analysis). Assuming three types of loss functions for delayed time in failure cause detection, the risk of each failure cause is evaluated as its occurring frequency and expected loss. Since the closed form solution of the risk metric cannot be obtained, a statistical computer software R program is used for numerical calculation. When the occurrence and detection times have a common shape parameter, though, some simple results of mathematical derivation are also available. As an enormous quantity of field data becomes available under recent progress of data acquisition system, the proposed risk metric will provide a more practical and reasonable tool for evaluating the risks of failure causes in FMEA.

• 품질경영학회지
• /
• 제42권4호
• /
• pp.543-562
• /
• 2014

Purpose: The purpose of this study is to suggest a modified approach that compensates some shortcomings of RPN with relevant strength of ASIL for Safety System and suggests systematic and logical approach for FMEA. Methods: By comparing the objectives, determination procedures, and key conceptual differences of RPN and ASIL, a refined method of risk evaluation and a new risk metric are devised. Results: While the traditional FMEA provides only rough evaluation of relative risk for each failure, the proposed method compensates its shortcomings with relevant strength of ASIL and provides a more logical and practical procedure of risk evaluation. Conclusion: The new metric RPM provides not only a comparative priority rank but also the degree of physical seriousness. Besides, it may have even more benefits for various applications if the severity can be expressed as mone tary amount of losses.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제4권2호
• /
• pp.138-153
• /
• 2010

The interactions between people who do not know each other have been greatly increased with the on-going increase of people's cyberspace activities. In this situation, there exist potential risk factors such as the possibility of fraud, so we need a method to reduce or eliminate those risk factors. Concerning this necessity, rating systems are widely used, and many trust metrics calculated from rate values that people give to each other are proposed to help them make decisions. However, the trust metrics decrease the accuracy, and this is caused by the different rating scales and ranges of each person. So, we propose a fuzzy adjustment method to solve this problem. It is possible to catch the exact meaning of the trust value that each person selects through applying fuzzy sets, which improve the accuracy of the trust metric calculated from the trust values. We have applied our fuzzy adjustment method to the TidalTrust algorithm, a representative algorithm for calculating the local scalar trust metric, and we performed an experimental evaluation with four data sets and three evaluation methods.

• 디지털융복합연구
• /
• 제15권6호
• /
• pp.219-227
• /
• 2017

네트워크 접근제어(Network Access Control)를 통해 IT 인프라에 대한 보안위협 즉, 비인가 사용자, 단말의 네트워크 무단 접속, 직원의 내부 서버 불법접근 등을 효과적으로 차단할 수있어야 한다. 이러한 관점에서는 보안성을 충족시키고 있음을 확실히 하기 위해 관련 표준에 기반을 둔 메트릭 구축이 요구된다. 그러므로 관련 표준에 따른 NAC의 보안성 평가를 위한 방법의 체계화가 필요하다. 따라서 이 연구에서는 네트워크 접근제어시스템의 보안성 메트릭 개발을 위해 ISO/IEC 15408(CC:Common Criteria)과 ISO 25000 시리즈의 보안성 평가 부분을 융합한 모델을 구축하였다. 이를 위해 네트워크 접근제어시스템의 품질 요구사항을 분석하고 두 국제표준의 보안성에 관한 융합 평가메트릭을 개발하였다. 이를 통해 네트워크 접근제어시스템의 보안성 품질수준 평가 모델을 구축하고, 향후 네트워크 접근제어시스템에 대한 평가방법의 표준화에 적용할 수 있을 것으로 사료된다.

• 한국안전학회지
• /
• 제31권4호
• /
• pp.136-142
• /
• 2016

The FMEA is a widely used technique to pre-evaluate and avoid risks due to potential failures for developing an improved design. The conventional FMEA does not consider the possible time gap between occurrence and detection of failure cause. When a failure cause is detected and corrected before the failure itself occurs, there will be no other effect except the correction cost. But, if its cause is detected after the failure actually occurs, its effects will become more severe depending on the duration of the uncorrected failure. Taking this situation into account, a risk metric is developed as an alternative to the RPN of the conventional FMEA. The severity of a failure effect is first modeled as linear and quadratic severity functions of undetected failure time duration. Assuming exponential probability distribution for occurrence and detection time of failures and causes, the expected severity is derived for each failure cause. A new risk metric REM is defined as the product of a failure cause occurrence rate and the expected severity of its corresponding failure. A numerical example and some discussions are provided for illustration.

• 디지털융복합연구
• /
• 제15권12호
• /
• pp.303-311
• /
• 2017

신생 정보기술의 등장에 따른 새로운 보안 위협에 대처하기 위해 기업은 통합보안괸리(Enterprise Security Management)시스템을 도입하고 솔루션 간 상호연동을 통해 중복투자나 자원 낭비를 줄이고 보안 위협에 대처하고 있다. 이에 따라 통합보안관리시스템이 보안성을 충족시킴을 입증하기 위해 관련 표준을 근거로 한 보안성 평가 메트릭의 구축이 필요한 실정이다. 따라서 본 연구에서는 통합보안괸리시스템에 대한 보안성을 평가할 수 있는 메트릭을 구축하기 위해 통합보안괸리시스템의 보안성 품질 관련 요구사항을 분석하고 총족 정도를 측정할 수 있는 메트릭을 구축하였다. 본 메트릭을 통해 ISO/IEC 15408과 ISO/IEC 25000 표준에 부합하는 보안성 평가의 일원화를 통한 시너지 효과를 얻을 수 있다. 이를 통해 통합보안관리시스템의 보안성 품질수준을 평가하는 모델을 구축하고, 향후 통합보안괸리시스템에 대한 평가방법의 표준화를 기할 수 있을 것으로 사료된다.

• Safety and Health at Work
• /
• 제8권2호
• /
• pp.206-211
• /
• 2017

Background: Self-reported low back pain (LBP) has been evaluated in relation to material handling lifting tasks, but little research has focused on relating quantifiable stressors to LBP at the individual level. The National Institute for Occupational Safety and Health (NIOSH) Composite Lifting Index (CLI) has been used to quantify stressors for lifting tasks. A chemical exposure can be readily used as an exposure metric or stressor for chemical risk assessment (RA). Defining and quantifying lifting nonchemical stressors and related adverse responses is more difficult. Stressor-response models appropriate for CLI and LBP associations do not easily fit in common chemical RA modeling techniques (e.g., Benchmark Dose methods), so different approaches were tried. Methods: This work used prospective data from 138 manufacturing workers to consider the linkage of the occupational stressor of material lifting to LBP. The final model used a Bayesian random threshold approach to estimate the probability of an increase in LBP as a threshold step function. Results: Using maximal and mean CLI values, a significant increase in the probability of LBP for values above 1.5 was found. Conclusion: A risk of LBP associated with CLI values > 1.5 existed in this worker population. The relevance for other populations requires further study.

• Earthquakes and Structures
• /
• 제14권6호
• /
• pp.577-587
• /
• 2018

The quantitative assessment of the seismic collapse risk of a structure requires the usage of an optimal intensity measure (IM) which can adequately characterise the severity of the ground motion. Research suggests that the average spectral acceleration ($Sa_{avg}$) may be an efficient and sufficient alternate IM as compared to the more traditional first mode spectral acceleration, $Sa(T_1)$, particularly during seismic collapse risk estimation. This study primarily presents a comparative evaluation of the sufficiency of the average spectral acceleration with respect to ground motion duration, and secondarily assesses the impact of ground motion duration on collapse risk estimation. By assembling a suite of 100 historical ground motions, incremental dynamic analysis of 60 different inelastic single-degree-of-freedom (SDF) oscillators with varying periods and ductility capacities were analysed, and collapse risk estimates obtained. Linear regression models are used to comparatively quantify the sufficiency of $Sa_{avg}$ and $Sa(T_1)$ using four significant duration metrics. Results suggests that an improved sufficiency may exist for $Sa_{avg}$ when the period of the SDF system increases, particularly beyond 0.5, as compare to $Sa(T_1)$. In reference to the ground motion duration measures, results indicated that the sufficiency of $Sa_{avg}$ is more sensitive to significant duration definitions that consider almost the full wave train of an accelerogram ($SD_{a5-95}$ and $SD_{v5-95}$). In order to obtain a reduced variability of the collapse risk estimate, the 5-95% significant duration metric defined using the Arias integral ($SD_{a5-95}$) should be used for seismic collapse risk estimation in conjunction with $Sa_{avg}$.

• 정보보호학회논문지
• /
• 제34권1호
• /
• pp.53-60
• /
• 2024

안전한 네트워크를 위해 보안 평가는 필수불가결한 과정으로, 위험을 관리하기 위해서는 적절한 성능지표가 있어야 한다. 가장 널리 사용하고 있는 정량적 지표로는 CVSS가 있다. CVSS는 주관성과 해석의 복잡성, 보안 위험의 관점에서 맥락을 고려하지 못한다는 문제가 있다. 이러한 문제를 보완하기 위해 ISO/IEC 15408 문서의 보안 개념 및 관계도를 바탕으로 공격자, 위협, 대응, 자산의 4가지를 항목화하고 수치화 하는 지표를 제안한다. 네트워크 스캐닝을 통해 발견된 취약점은 약점, 공격패턴의 연결관계에 의해 MITRE ATT&CK의 기술과 매핑시킬 수 있다. 우리는 MITRE ATT&CK 의 Groups, Tactic, Mitigations을 이용하여 일관성을 가지며 직관적인 점수를 산출한다. 이에 따라 보안 평가 관리자가 다양한 관점의 보안지표 중 선택할 수 있는 폭을 넓히고, 사이버 네트워크의 보안을 강화하는데 긍정적인 영향을 기대한다.