Abstract: Information system risk management helps to reduce
or eliminate risk by implementing appropriate controls. In this paper,
we propose a quantification model of controls impact on information
system risks by automatizing the residual criticality estimation step of
FMECA which is based on a inductive reasoning. For this, we defined
three equations based on type and maturity of controls. For testing,
the values obtained with the model were compared to estimated
values given by interlocutors during different working sessions and
the result is satisfactory. This model allows an optimal assessment of
controls maturity and facilitates risk analysis of information system.
Abstract: The purpose of this paper is to contribute to the
enhancement of a hydroelectric plant protection by coordinating
protection measures / existing security and introducing new measures
under a risk management process. In addition, plan identifies key
critical elements of a hydroelectric plant, from its level vulnerabilities
and threats it is subjected to in order to achieve the necessary
protection measures to reduce the level of risk.
Abstract: In order to be capable of dealing with uncertainties,
subjectivities, including vagueness arising in building construction
projects, the application of fuzzy reasoning technique based on fuzzy
set theory is proposed. This study contributes significantly to the
development of a fuzzy reasoning safety risk assessment model for
building construction projects that could be employed to assess the
risk magnitude of each hazardous event identified during
construction, and a third parameter of probability of consequence is
incorporated in the model. By using the proposed safety risk analysis
methodology, more reliable and less ambiguities, which provide the
safety risk management project team for decision-making purposes.
Abstract: The popularity of quality management system models
continues to grow despite the transitional crisis in 2008. Their
development is associated with demands of the new requirements for
entrepreneurs, such as risk analysis projects and more emphasis on
supervision of outsourced processes. In parallel, it is appropriate to
focus attention on the selection of companies aspiring to a quality
management system. This is particularly important in the automotive
supplier industry, where requirements transferred to the levels in the
supply chain should be clear, transparent and fairly satisfied. The
author has carried out a series of researches aimed at finding the
factors that allow for the effective implementation of the quality
management system in automotive companies. The research was
focused on four groups of companies: 1) manufacturing (parts and
assemblies for the purpose of sale or for vehicle manufacturers), 2)
service (repair and maintenance of the car) 3) services for the
transport of goods or people, 4) commercial (auto parts and vehicles).
The identified determinants were divided into two types of criteria:
internal and external, as well as hard and soft. The article presents the
hard – technical factors that an automotive company must meet in
order to achieve the goal of the quality management system
implementation.
Abstract: Risk analysis is considered as a fundamental aspect
relevant for ensuring the level of critical infrastructure protection,
where the critical infrastructure is seen as system, asset or its part
which is important for maintaining the vital societal functions. Article
actually discusses and analyzes the potential application of selected
tools of information support for the implementation and within the
framework of risk analysis and critical infrastructure protection. Use
of the information in relation to their risk analysis can be viewed as a
form of simplifying the analytical process. It is clear that these
instruments (information support) for these purposes are countless, so
they were selected representatives who have already been applied in
the selected area of critical infrastructure, or they can be used. All
presented fact were the basis for critical infrastructure resilience
evaluation methodology development.
Abstract: It is widely believed that mobile device is a promising technology for lending the opportunity for the third wave of electronic commerce. Mobile devices have changed the way companies do business. Many applications are under development or being incorporated into business processes. In this day, mobile applications are a vital component of any industry strategy.One of the greatest benefits of selling merchandise and providing services on a mobile application is that it widens a company’s customer base significantly.Mobile applications are accessible to interested customers across regional and international borders in different electronic business (e-business) area. But there is a dark side to this success story. The security risks associated with mobile devices and applications are very significant. This paper introduces a broad risk analysis for the various threats, vulnerabilities, and risks in mobile e-business applications and presents some important risk mitigation approaches. It reviews and compares two different frameworks for security assurance in mobile e-business applications. Based on the comparison, the paper suggests some recommendations for applications developers and business owners in mobile e-business application development process.
Abstract: A key issue in seismic risk analysis within the context
of Performance-Based Earthquake Engineering is the evaluation of
the expected seismic damage of structures under a specific
earthquake ground motion. The assessment of the seismic
performance strongly depends on the choice of the seismic Intensity
Measure (IM), which quantifies the characteristics of a ground
motion that are important to the nonlinear structural response. Several
conventional IMs of ground motion have been used to estimate their
damage potential to structures. Yet, none of them has been proved to
be able to predict adequately the seismic damage. Therefore,
alternative, scalar intensity measures, which take into account not
only ground motion characteristics but also structural information
have been proposed. Some of these IMs are based on integration of
spectral values over a range of periods, in an attempt to account for
the information that the shape of the acceleration, velocity or
displacement spectrum provides. The adequacy of a number of these
IMs in predicting the structural damage of 3D R/C buildings is
investigated in the present paper. The investigated IMs, some of
which are structure specific and some are non structure-specific, are
defined via integration of spectral values. To achieve this purpose
three symmetric in plan R/C buildings are studied. The buildings are
subjected to 59 bidirectional earthquake ground motions. The two
horizontal accelerograms of each ground motion are applied along
the structural axes. The response is determined by nonlinear time
history analysis. The structural damage is expressed in terms of the
maximum interstory drift as well as the overall structural damage
index. The values of the aforementioned seismic damage measures
are correlated with seven scalar ground motion IMs. The comparative
assessment of the results revealed that the structure-specific IMs
present higher correlation with the seismic damage of the three
buildings. However, the adequacy of the IMs for estimation of the
structural damage depends on the response parameter adopted.
Furthermore, it was confirmed that the widely used spectral
acceleration at the fundamental period of the structure is a good
indicator of the expected earthquake damage level.
Abstract: This paper deals with a simulation programs and
technologies using in the educational process for members of the crisis
management. Risk analysis, simulation, preparation and planning are
among the main activities of workers of crisis management. Made
correctly simulation of emergency defines the extent of the danger. On
this basis, it is possible to effectively prepare and plan measures to
minimize damage. The paper is focused on simulation programs that
are trained at the University of Defence. Implementation of the outputs
from simulation programs in decision-making processes of crisis staffs
is one of the main tasks of the research project.
Abstract: Bureaucracy reform program drives Indonesian
government to change their management to enhance their
organizational performance. Information technology became one of
strategic plan that organization tried to improve. Knowledge
management system is one of information system that supporting
knowledge management implementation in government which
categorized as people perspective, because this system has high
dependency in human interaction and participation. Strategic plan for
developing knowledge management system can be determine using
some of information system strategic methods. This research
conducted to define type of strategic method of information system,
stage of activity each method, strength and weakness. Literature
review methods used to identify and classify strategic methods of
information system, differentiate method type, categorize common
activities, strength and weakness. Result of this research are
determine and compare six strategic information system methods,
Balanced Scorecard and Risk Analysis believe as common strategic
method that usually used and have the highest excellence strength.
Abstract: FMEA has been used for several years and proved its efficiency for system’s risk analysis due to failures. Risk priority number found in FMEA is used to rank failure modes that may occur in a system. There are some guidelines in the literature to assign the values of FMEA components known as Severity, Occurrence and Detection. This paper propose a method to assign the value for occurrence in more realistic manner representing the state of the system under study rather than depending totally on the experience of the analyst. This method uses the hazard function of a system to determine the value of occurrence depending on the behavior of the hazard being constant, increasing or decreasing.
Abstract: Safe drinking water is one of the biggest issues facing
the planet this century. The primary aim of this paper is to present our
research focused on theoretical and experimental analysis of potable
water and in-building water distribution systems from the point of
view of microbiological risk on the basis of confrontation between
the theoretical analysis and synthesis of gathered information in
conditions of the Slovak Republic. The presence of the bacteria
Legionella in water systems, especially in hot water distribution
system, represents in terms of health protection of inhabitants the
crucial problem which cannot be overlooked. Legionella
pneumophila discovery, its classification and its influence on
installations inside buildings are relatively new. There are a lot of
guidelines and regulations developed in many individual countries for
the design, operation and maintenance for tap water systems to avoid
the growth of bacteria Legionella pneumophila, but in Slovakia we
don-t have any. The goal of this paper is to show the necessity of
prevention and regulations for installations inside buildings verified
by simulation methods.
Abstract: Over the years, there is a growing trend towards
quality-based specifications in highway construction. In many
Quality Control/Quality Assurance (QC/QA) specifications, the
contractor is primarily responsible for quality control of the process,
whereas the highway agency is responsible for testing the acceptance
of the product. A cooperative investigation was conducted in Illinois
over several years to develop a prototype End-Result Specification
(ERS) for asphalt pavement construction. The final characteristics of
the product are stipulated in the ERS and the contractor is given
considerable freedom in achieving those characteristics. The risk for
the contractor or agency depends on how the acceptance limits and
processes are specified. Stochastic simulation models are very useful
in estimating and analyzing payment risk in ERS systems and these
form an integral part of the Illinois-s prototype ERS system. This
paper describes the development of an innovative methodology to
estimate the variability components in in-situ density, air voids and
asphalt content data from ERS projects. The information gained from
this would be crucial in simulating these ERS projects for estimation
and analysis of payment risks associated with asphalt pavement
construction. However, these methods require at least two parties to
conduct tests on all the split samples obtained according to the
sampling scheme prescribed in present ERS implemented in Illinois.
Abstract: The paper evaluates several hundred one-day-ahead
VaR forecasting models in the time period between the years 2004
and 2009 on data from six world stock indices - DJI, GSPC, IXIC,
FTSE, GDAXI and N225. The models model mean using the ARMA
processes with up to two lags and variance with one of GARCH,
EGARCH or TARCH processes with up to two lags. The models are
estimated on the data from the in-sample period and their forecasting
accuracy is evaluated on the out-of-sample data, which are more
volatile. The main aim of the paper is to test whether a model
estimated on data with lower volatility can be used in periods with
higher volatility. The evaluation is based on the conditional coverage
test and is performed on each stock index separately. The primary
result of the paper is that the volatility is best modelled using a
GARCH process and that an ARMA process pattern cannot be found
in analyzed time series.
Abstract: Security risk models have been successful in estimating the likelihood of attack for simple security threats. However, modeling complex system and their security risk is even a challenge. Many methods have been proposed to face this problem. Often difficult to manipulate, and not enough all-embracing they are not as famous as they should with administrators and deciders. We propose in this paper a new tool to model big systems on purpose. The software, takes into account attack threats and security strength.
Abstract: In recent years, the number of natural disasters in Laos has a trend to increase, especially the disaster of flood. To make a flood plan risk management in the future, it is necessary to understand and analyze the characteristics of the rainfall and Mekong River level data. To reduce the damage, this paper presents the flood risk analysis in Luangprabang and Vientiane, the prefecture of Laos. In detail, the relationship between the rainfall and the Mekong River level has evaluated and appropriate countermeasure for flood was discussed.
Abstract: In this paper, a strategy for long-span bridge disaster response was developed, divided into risk analysis, business impact analysis, and emergency response plan. At the risk analysis stage, the critical risk was estimated. The critical risk was “car accident."The critical process by critical-risk classification was assessed at the business impact analysis stage. The critical process was the task related to the road conditions and traffic safety. Based on the results of the precedent analysis, an emergency response plan was established. By making the order of the standard operating procedures clear, an effective plan for dealing with disaster was formulated. Finally, a prototype software was developed based on the research findings. This study laid the foundation of an information-technology-based disaster response guideline and is significant in that it computerized the disaster response plan to improve the plan-s accessibility.
Abstract: Global environmental changes lead to increased frequency and scale of natural disaster, Taiwan is under the influence of global warming and extreme weather. Therefore, the vulnerability was increased and variability and complexity of disasters is relatively enhanced. The purpose of this study is to consider the source and magnitude of hazard characteristics on the tourism industry. Using modern risk management concepts, integration of related domestic and international basic research, this goes beyond the Taiwan typhoon disaster risk assessment model and evaluation of loss. This loss evaluation index system considers the impact of extreme weather, in particular heavy rain on the tourism industry in Taiwan. Consider the extreme climate of the compound impact of disaster for the tourism industry; we try to make multi-hazard risk assessment model, strategies and suggestions. Related risk analysis results are expected to provide government department, the tourism industry asset owners, insurance companies and banking include tourist disaster risk necessary information to help its tourism industry for effective natural disaster risk management.
Abstract: Reliability assessment and risk analysis of rotating
machine rotors in various overload and malfunction situations
present challenge to engineers and operators. In this paper a new
analytical method for evaluation of rotor under large deformation is
addressed. Model is presented in general form to include also
composite rotors. Presented simulation procedure is based on
variational work method and has capability to account for geometric
nonlinearity, large displacement, nonlinear support effect and rotor
contacting other machine components. New shape functions are
presented which capable to predict accurate nonlinear profile of
rotor. The closed form solutions for various operating and
malfunction situations are expressed. Analytical simulation results
are discussed
Abstract: Despite various methods that exist in software risk management, software projects have a high rate of failure. When complexity and size of the projects are increased, managing software development becomes more difficult. In these projects the need for more analysis and risk assessment is vital. In this paper, a classification for software risks is specified. Then relations between these risks using risk tree structure are presented. Analysis and assessment of these risks are done using probabilistic calculations. This analysis helps qualitative and quantitative assessment of risk of failure. Moreover it can help software risk management process. This classification and risk tree structure can apply to some software tools.
Abstract: Information and communication service providers
(ICSP) that are significant in size and provide Internet-based services
take administrative, technical, and physical protection measures via
the information security check service (ISCS). These protection
measures are the minimum action necessary to secure the stability and
continuity of the information and communication services (ICS) that
they provide. Thus, information assets are essential to providing ICS,
and deciding the relative importance of target assets for protection is a
critical procedure. The risk analysis model designed to decide the
relative importance of information assets, which is described in this
study, evaluates information assets from many angles, in order to
choose which ones should be given priority when it comes to
protection. Many-sided risk analysis (MSRS) grades the importance of
information assets, based on evaluation of major security check items,
evaluation of the dependency on the information and communication
facility (ICF) and influence on potential incidents, and evaluation of
major items according to their service classification, in order to
identify the ISCS target. MSRS could be an efficient risk analysis
model to help ICSPs to identify their core information assets and take
information protection measures first, so that stability of the ICS can
be ensured.