SlideShare a Scribd company logo

Optimization of different objective function in risk assessment system

Alexander Decker
Alexander Decker

International peer-reviewed academic journals call for papers, http://www.iiste.org/Journals

TechnologyBusiness
1 of 6
Download to read offline
Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 308 Optimization of Different Objective Function in Risk Assessment System SHWETA SINGH Department of Mathematics, Radharaman Institute of Tech., & Science, Bhopal (M.P.) Singh84_s@rediffmail.com G.C. DUBEY Department of Mathematics, Govt. MGM College,Itarsi (M.P.) Gcd.1951@gmail.com RAJESH SHRIVASTAVA Department of Mathematics, Govt. Benazir College,Bhopal, (M.P.) Rajeshraju0101@rediffmail.com Abstract This paper proposes a new definition and conceptual framework for Risk assessment system. Risk assessment is the first process in the risk management methodology Organizations use risk system to determine the extent of the potential threat and the risk associated with an IT system throughout its SDLC. The output of this process helps to identify appropriate controls for eliminating risk and to determine the likelihood of a future adverse event. In this paper we will also discuss the Quantitative versus Qualitative Assessment, their advantage and disadvantages, while conducting the impact analysis. Once all the objective function have be optimized and completed, the results should be documented in an official report. This expanded view of Risk assessment emphasis the double role of risk management instruments, protecting basic livelihood as well as promoting risk taking and protecting basic livelihood. Keywords - Risk assessment, Risk Management, SDLC (System Development life cycle optimization) Introduction Due to technical advancement and needs of the person, the life cycle of product have been shortened. With the customer needs the functional for corporate should be quickly improved in quality for corporate survival. There for the risk factors which occurs during the product development need to be managed in project planning and risk management system. Risk is a function of the likelihood of a given threat-source's a exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization[1][2] The risk assessment methodology encompasses nine primary steps, which is described below: 1. System Characterization 2. Threat Identification 3. Vulnerability 4. Control Analysis 5. Likelihood Determination 6. Impact Analysis 7. Risk Determination 8. Control Recommendations 9. Results Documentation
Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 309 Figure 1 Risk Assessment Methodology Flow chart
Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 310 STEP 1- SYSTEM CHARACTERIZATION In assessing risks for an IT system, the first step is to define the scope of the effort. In this step, the boundaries of the IT system are identified, along with the resources and the information that constitute the system. 1.1 System-Related Information Indentifying risk for an IT system requires a keen understanding of the system’s processing environment. The person or persons who conduct the risk assessment must therefore first colled system-related information which is usually classified as follows: • Hardware • Software • System interfaces (e.g. internal and external connectivity) • Data and information • Persons who support and use the IT system • System mission (e.g., the processes performed by the IT system) • System and data criticality (e.g., the system’s value or importance to an organization). • System and data sensitivity. 1.2 Information-Gathering Techniques Any, or a combination, of the following techniques can be used in gathering information relevant to the IT system within the its operational boundary[5] . • Questionnaire • On-site Interviews. • Document Review • Use of Automated Scanning Tool. STEP 2- THREAT IDENTIFICATION A threat is the potential for a particular threat-source to successfully exercise a particular vulnerability. A vulnerability is a weakness that can be accidentally triggered or intentionally exploited. A threat-source does not present a risk when there is no vulnerabilitiy that can be exercised. 2.1 Threat-Source Identification The goal of this step is to identify the potential threat-sources and compile a threat statement listing potential threat-sources that are applicable to the IT system being evaluated. 2.2 Motivation and Threat Actions Motivation and the resources for carrying outan attack make humans potentially dangerous threat- sources. This information will be useful to organizations studying their human threat environments and customizing their human threat statements. STEP 3- VULNERABILITY IDENTIFICATION The analysis of the threat to an IT system must include an analysis of the vulnerabilities associated with the system environment. The goal of this step is to develop a list of system vulnerabilities (flaws or weaknesses) that could be exploited by the potential threat-sources. 3.1 Vulnerability Sources The technical and nontechnical vulnerabilities associated with an IT system’s processing environment can be identified via the information-gathering techniques described in. 3.2 System Security Testing Proactive methods, employing system testing, can be used to identify system vulnerabilities effieciently, depending on the criticality of the IT system and available resources. • Automated vulnerability scanning tool. • Security test and evaluation (ST & E) • Penetration testing. 3.3 Development of Security Requirements Checklist During this step, the risk assessment personnel determine whether the security requirements stipulated for the IT system and collected during system characterization are being met by existing or planned security controls. • Management • Operational • Technical STEP 4- CONTROL ANALYSIS
Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 311 The goal of this step is to analyze the controls that have been implemented, or are planned for implementation, by the organization to minimize or eliminate the likelihood (or probability) of a threat’s exercising a system vulnerability. STEP 5- LIKELIHOOD DETERMINATION To derive an overall likelihood rating that indicates the probability that a potential vulnerability may be exercised within the construct of the associated threat environment, the following governing factors must be considered: • Threat-source motivation and capability • Nature of the vulnerability • Existence and effectiveness of current controls. STEP 6- IMPACT ANALYSIS The Next major step in measureing level of risk is to determine the adverse impact resulting from a successful threat exercise of a vulnerability. Before beginning the impact analysis, it is necessary to obtain the following necessary informationg as discussed: • System mission (e.g., the processes performed by the IT system) • System and data criticality (e.g., the system’s value or importance to an organization). • System and data sensitivity. STEP 7- RISK DETERMINATION The purpose of this step is to assess the level of risk to the IT system. The determination of risk for a particualar threat/vulnerability pair can be expressed as a function of- • The likelihood of a given threat-source’s attempting to excrexcise a given vulnerability. • The magnitude of the impact should a threat-source successfully exercise the vulnerability. • The adequacy of planned or existing security controls for reducing or eliminating risk. Table-1 Risk-Level Matrix Threat Likelihood Impact Low (10) Medium (50) High (100) High (1.0) Low 10X1.0=10 Medium 50X1.0=50 High 100X1.0=100 Medium (0.5) Low 10X0.5=5 Medium 50X0.5=25 High 100X0.5=50 Low (0.1) Low 10X0.1=1 Medium 50X0.1=5 High 100X0.1=10 Risk Scale : High (>50 to 100); Medium (>10 to 50); Low (1 to 10)8 Table 2 Risk Scale and Necessary Actions Risk Level Risk Description and Necessary Actions High It an observation or finding is evaluated as a high risk, there is a strong need for corrective measures. An existing system may continue ot operate, but a corrective action plan must be put in place as soon as possible. Medium If an observation is rated as medium risk, corrective actions are neede and a plan must be developed to incorporate these actions within a reasonable period of time. Low If an observation is described as low risk the system’s DAA must determine whether corrective actions are still required or decide to accept the risk STEP 8 - CONTROL RECOMMENDATIONS During this step of the process, controls that could mitigate or eliminate the identified risks, as appropriate to the organization’s operation, are provided. The goal of the recommended controls is to reduce the level of risk to the IT system and its data to an acceptable level. The following factors should be considered in recommending control and alternative solutions to minimize or eliminate identified risks: • Effectiveness of recommended options (e.g. system compatibility) • Legislation and regulation • Organizational policy • Operational impact • Safety and reliability
Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 312 STEP 9 - RESULTS DOCUMENTATION Once the risk assessment has been completed (threat-sources and vulnerabilities identified, risks assessed, and recommended controls provided), the results should be documented in an official report or briefing. CONCLUSION A risk assessment report is a management report that helps senior management, the mission owners, make decisions on policy, procedural, budget and system operational and management changes. Unlike an audit or investigation report, which looks for wrongdoing, a risk assessment report should not be presented in an accusatory manner but as a systematic and analytical approach to assessing risk so that senior mmanagement will understand the risks and allocate resources to reduce and correct potential losses. For this reason, some people prefer to address the threat/vulnerability pairs as observations instead of findings in the risk assessment report. References - 1. J. Coppendale, “Manage risk in product and process development and avoid unpleasant surprises” Journal of Engineering Management, Vol.5, pp.33-38 2. L.P. Cooper, “ A research agenda to reduce risk in new product development through knowledge management: a practitioner perspective,” Journal of Engineering and Technology Management, 2003 3. P.K. Dey, “ Project Risk Management : A combined Analytic Hierarchy process and decision tree Approach,” cost Engineering, 44,2002. 4. H.G. Choi and J.O. Ahn, “Risk analysis models and risk degree determination in new product development: A case study” Journal of Engineering and Technology Management, pp. 110- 114. 2010. 5. D.W. Choi, J.S.Kim, and H.G. Choi, “Determination of Integrated Risk degrees in product development project,” Proceeding of the world congress on Engineering and computer science 2009, Vol.II, 2009.
This academic article was published by The International Institute for Science, Technology and Education (IISTE). The IISTE is a pioneer in the Open Access Publishing service based in the U.S. and Europe. The aim of the institute is Accelerating Global Knowledge Sharing. More information about the publisher can be found in the IISTE’s homepage: http://www.iiste.org CALL FOR PAPERS The IISTE is currently hosting more than 30 peer-reviewed academic journals and collaborating with academic institutions around the world. There’s no deadline for submission. Prospective authors of IISTE journals can find the submission instruction on the following page: http://www.iiste.org/Journals/ The IISTE editorial team promises to the review and publish all the qualified submissions in a fast manner. All the journals articles are available online to the readers all over the world without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself. Printed version of the journals is also available upon request of readers and authors. IISTE Knowledge Sharing Partners EBSCO, Index Copernicus, Ulrich's Periodicals Directory, JournalTOCS, PKP Open Archives Harvester, Bielefeld Academic Search Engine, Elektronische Zeitschriftenbibliothek EZB, Open J-Gate, OCLC WorldCat, Universe Digtial Library , NewJour, Google Scholar

Recommended

Risk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityRisk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityIJCSIS Research Publications
 
Igene - PhD SICSA Poster Presentation
Igene - PhD SICSA Poster PresentationIgene - PhD SICSA Poster Presentation
Igene - PhD SICSA Poster PresentationNetzone Resources Nig. Ltd.
 
Risk assessment of information production using extended risk matrix approach
Risk assessment of information production using extended risk matrix approachRisk assessment of information production using extended risk matrix approach
Risk assessment of information production using extended risk matrix approachTELKOMNIKA JOURNAL
 
50320130403010
5032013040301050320130403010
50320130403010IAEME Publication
 
A Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemA Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemIJARIIE JOURNAL
 
Risk Equation
Risk EquationRisk Equation
Risk EquationAdesh Rampat
 
Risk assessment tools and techniques
Risk assessment tools and techniquesRisk assessment tools and techniques
Risk assessment tools and techniquesAhmad Azwang Aisram Omar
 
Dj24712716
Dj24712716Dj24712716
Dj24712716IJERA Editor
 

Recommended

Risk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityRisk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityIJCSIS Research Publications
 
Igene - PhD SICSA Poster Presentation
Igene - PhD SICSA Poster PresentationIgene - PhD SICSA Poster Presentation
Igene - PhD SICSA Poster PresentationNetzone Resources Nig. Ltd.
 
Risk assessment of information production using extended risk matrix approach
Risk assessment of information production using extended risk matrix approachRisk assessment of information production using extended risk matrix approach
Risk assessment of information production using extended risk matrix approachTELKOMNIKA JOURNAL
 
50320130403010
5032013040301050320130403010
50320130403010IAEME Publication
 
A Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemA Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemIJARIIE JOURNAL
 
Risk Equation
Risk EquationRisk Equation
Risk EquationAdesh Rampat
 
Risk assessment tools and techniques
Risk assessment tools and techniquesRisk assessment tools and techniques
Risk assessment tools and techniquesAhmad Azwang Aisram Omar
 
Dj24712716
Dj24712716Dj24712716
Dj24712716IJERA Editor
 
Octav ethreat profiles
Octav ethreat profilesOctav ethreat profiles
Octav ethreat profilesFrancis Esquivel Cuenca
 
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysisPreliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysisIRJESJOURNAL
 
Risk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachRisk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachn|u - The Open Security Community
 
Ch9
Ch9Ch9
Ch9phanleson
 
Fault tree analysis
Fault tree analysisFault tree analysis
Fault tree analysisMudit M. Saxena
 
Review Paper on Recovery of Data during Software Fault
Review Paper on Recovery of Data during Software FaultReview Paper on Recovery of Data during Software Fault
Review Paper on Recovery of Data during Software FaultAM Publications
 
Attack graph based risk assessment and optimisation approach
Attack graph based risk assessment and optimisation approachAttack graph based risk assessment and optimisation approach
Attack graph based risk assessment and optimisation approachIJNSA Journal
 
Genetic fuzzy process metric measurement system for an operating system
Genetic fuzzy process metric measurement system for an operating systemGenetic fuzzy process metric measurement system for an operating system
Genetic fuzzy process metric measurement system for an operating systemijcseit
 
Comparative Performance Analysis of Machine Learning Techniques for Software ...
Comparative Performance Analysis of Machine Learning Techniques for Software ...Comparative Performance Analysis of Machine Learning Techniques for Software ...
Comparative Performance Analysis of Machine Learning Techniques for Software ...csandit
 
F041123639
F041123639F041123639
F041123639IOSR-JEN
 
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...iosrjce
 
Well drilling fuzzy risk assessment using fuzzy FMEA and fuzzy TOPSIS
Well drilling fuzzy risk assessment using fuzzy FMEA and fuzzy TOPSISWell drilling fuzzy risk assessment using fuzzy FMEA and fuzzy TOPSIS
Well drilling fuzzy risk assessment using fuzzy FMEA and fuzzy TOPSISJournal of Fuzzy Extension and Applications
 
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsBenchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsIJNSA Journal
 
Software testing defect prediction model a practical approach
Software testing defect prediction model a practical approachSoftware testing defect prediction model a practical approach
Software testing defect prediction model a practical approacheSAT Journals
 
Thesis Defense Presentation
Thesis Defense PresentationThesis Defense Presentation
Thesis Defense PresentationJamesDavie
 
Software Cost Estimation Using Clustering and Ranking Scheme
Software Cost Estimation Using Clustering and Ranking SchemeSoftware Cost Estimation Using Clustering and Ranking Scheme
Software Cost Estimation Using Clustering and Ranking SchemeEditor IJMTER
 
Software Development: Thinking, Fast and Slow
Software Development: Thinking, Fast and SlowSoftware Development: Thinking, Fast and Slow
Software Development: Thinking, Fast and SlowDaniel Bryant
 
Maintaining Your Code Clint Eastwood Style
Maintaining Your Code Clint Eastwood StyleMaintaining Your Code Clint Eastwood Style
Maintaining Your Code Clint Eastwood StyleRebecca Wirfs-Brock
 
Exploiting Fast and Slow Thinking
Exploiting Fast and Slow ThinkingExploiting Fast and Slow Thinking
Exploiting Fast and Slow ThinkingRebecca Wirfs-Brock
 
Book summery fooled_by_randomness
Book summery fooled_by_randomnessBook summery fooled_by_randomness
Book summery fooled_by_randomnessAnuya Kadam
 
SC 2015: Thinking Fast and Slow with Software Development
SC 2015: Thinking Fast and Slow with Software DevelopmentSC 2015: Thinking Fast and Slow with Software Development
SC 2015: Thinking Fast and Slow with Software DevelopmentDaniel Bryant
 
Why Scala Is Taking Over the Big Data World
Why Scala Is Taking Over the Big Data WorldWhy Scala Is Taking Over the Big Data World
Why Scala Is Taking Over the Big Data WorldDean Wampler
 

More Related Content

What's hot

Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysisPreliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysisIRJESJOURNAL
 
Review Paper on Recovery of Data during Software Fault
Review Paper on Recovery of Data during Software FaultReview Paper on Recovery of Data during Software Fault
Review Paper on Recovery of Data during Software FaultAM Publications
 
Attack graph based risk assessment and optimisation approach
Attack graph based risk assessment and optimisation approachAttack graph based risk assessment and optimisation approach
Attack graph based risk assessment and optimisation approachIJNSA Journal
 
Genetic fuzzy process metric measurement system for an operating system
Genetic fuzzy process metric measurement system for an operating systemGenetic fuzzy process metric measurement system for an operating system
Genetic fuzzy process metric measurement system for an operating systemijcseit
 
Comparative Performance Analysis of Machine Learning Techniques for Software ...
Comparative Performance Analysis of Machine Learning Techniques for Software ...Comparative Performance Analysis of Machine Learning Techniques for Software ...
Comparative Performance Analysis of Machine Learning Techniques for Software ...csandit
 
F041123639
F041123639F041123639
F041123639IOSR-JEN
 
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...iosrjce
 
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsBenchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsIJNSA Journal
 
Software testing defect prediction model a practical approach
Software testing defect prediction model a practical approachSoftware testing defect prediction model a practical approach
Software testing defect prediction model a practical approacheSAT Journals
 
Thesis Defense Presentation
Thesis Defense PresentationThesis Defense Presentation
Thesis Defense PresentationJamesDavie
 
Software Cost Estimation Using Clustering and Ranking Scheme
Software Cost Estimation Using Clustering and Ranking SchemeSoftware Cost Estimation Using Clustering and Ranking Scheme
Software Cost Estimation Using Clustering and Ranking SchemeEditor IJMTER
 

What's hot (16)

Octav ethreat profiles
Octav ethreat profilesOctav ethreat profiles
Octav ethreat profiles
 
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysisPreliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
 
Risk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachRisk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approach
 
Ch9
Ch9Ch9
Ch9
 
Fault tree analysis
Fault tree analysisFault tree analysis
Fault tree analysis
 
Review Paper on Recovery of Data during Software Fault
Review Paper on Recovery of Data during Software FaultReview Paper on Recovery of Data during Software Fault
Review Paper on Recovery of Data during Software Fault
 
Attack graph based risk assessment and optimisation approach
Attack graph based risk assessment and optimisation approachAttack graph based risk assessment and optimisation approach
Attack graph based risk assessment and optimisation approach
 
Genetic fuzzy process metric measurement system for an operating system
Genetic fuzzy process metric measurement system for an operating systemGenetic fuzzy process metric measurement system for an operating system
Genetic fuzzy process metric measurement system for an operating system
 
Comparative Performance Analysis of Machine Learning Techniques for Software ...
Comparative Performance Analysis of Machine Learning Techniques for Software ...Comparative Performance Analysis of Machine Learning Techniques for Software ...
Comparative Performance Analysis of Machine Learning Techniques for Software ...
 
F041123639
F041123639F041123639
F041123639
 
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
 
Well drilling fuzzy risk assessment using fuzzy FMEA and fuzzy TOPSIS
Well drilling fuzzy risk assessment using fuzzy FMEA and fuzzy TOPSISWell drilling fuzzy risk assessment using fuzzy FMEA and fuzzy TOPSIS
Well drilling fuzzy risk assessment using fuzzy FMEA and fuzzy TOPSIS
 
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsBenchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
 
Software testing defect prediction model a practical approach
Software testing defect prediction model a practical approachSoftware testing defect prediction model a practical approach
Software testing defect prediction model a practical approach
 
Thesis Defense Presentation
Thesis Defense PresentationThesis Defense Presentation
Thesis Defense Presentation
 
Software Cost Estimation Using Clustering and Ranking Scheme
Software Cost Estimation Using Clustering and Ranking SchemeSoftware Cost Estimation Using Clustering and Ranking Scheme
Software Cost Estimation Using Clustering and Ranking Scheme
 

Viewers also liked

Software Development: Thinking, Fast and Slow
Software Development: Thinking, Fast and SlowSoftware Development: Thinking, Fast and Slow
Software Development: Thinking, Fast and SlowDaniel Bryant
 
Maintaining Your Code Clint Eastwood Style
Maintaining Your Code Clint Eastwood StyleMaintaining Your Code Clint Eastwood Style
Maintaining Your Code Clint Eastwood StyleRebecca Wirfs-Brock
 
Exploiting Fast and Slow Thinking
Exploiting Fast and Slow ThinkingExploiting Fast and Slow Thinking
Exploiting Fast and Slow ThinkingRebecca Wirfs-Brock
 
Book summery fooled_by_randomness
Book summery fooled_by_randomnessBook summery fooled_by_randomness
Book summery fooled_by_randomnessAnuya Kadam
 
SC 2015: Thinking Fast and Slow with Software Development
SC 2015: Thinking Fast and Slow with Software DevelopmentSC 2015: Thinking Fast and Slow with Software Development
SC 2015: Thinking Fast and Slow with Software DevelopmentDaniel Bryant
 
Why Scala Is Taking Over the Big Data World
Why Scala Is Taking Over the Big Data WorldWhy Scala Is Taking Over the Big Data World
Why Scala Is Taking Over the Big Data WorldDean Wampler
 

Viewers also liked (6)

Software Development: Thinking, Fast and Slow
Software Development: Thinking, Fast and SlowSoftware Development: Thinking, Fast and Slow
Software Development: Thinking, Fast and Slow
 
Maintaining Your Code Clint Eastwood Style
Maintaining Your Code Clint Eastwood StyleMaintaining Your Code Clint Eastwood Style
Maintaining Your Code Clint Eastwood Style
 
Exploiting Fast and Slow Thinking
Exploiting Fast and Slow ThinkingExploiting Fast and Slow Thinking
Exploiting Fast and Slow Thinking
 
Book summery fooled_by_randomness
Book summery fooled_by_randomnessBook summery fooled_by_randomness
Book summery fooled_by_randomness
 
SC 2015: Thinking Fast and Slow with Software Development
SC 2015: Thinking Fast and Slow with Software DevelopmentSC 2015: Thinking Fast and Slow with Software Development
SC 2015: Thinking Fast and Slow with Software Development
 
Why Scala Is Taking Over the Big Data World
Why Scala Is Taking Over the Big Data WorldWhy Scala Is Taking Over the Big Data World
Why Scala Is Taking Over the Big Data World
 

Similar to Optimization of different objective function in risk assessment system

Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30timmcguinness
 
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)IJARIIE JOURNAL
 
Research and identify three IT-related Risk Management Plans and lis.pdf
Research and identify three IT-related Risk Management Plans and lis.pdfResearch and identify three IT-related Risk Management Plans and lis.pdf
Research and identify three IT-related Risk Management Plans and lis.pdfRBMADU
 
Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specificationAryan Ajmer
 
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...Editor IJCATR
 
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsA Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsCSCJournals
 
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxPRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxGraciaSuratos
 
Risk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachRisk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachGraydon McKee
 
cupdf.com_it-security-management-and-risk-assessment.pdf
cupdf.com_it-security-management-and-risk-assessment.pdfcupdf.com_it-security-management-and-risk-assessment.pdf
cupdf.com_it-security-management-and-risk-assessment.pdfAgusNursidik
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
IRJET- GDPS - General Disease Prediction System
IRJET- GDPS - General Disease Prediction SystemIRJET- GDPS - General Disease Prediction System
IRJET- GDPS - General Disease Prediction SystemIRJET Journal
 
Implementing a new AIS system could prove to be beneficial or detrimen.docx
Implementing a new AIS system could prove to be beneficial or detrimen.docxImplementing a new AIS system could prove to be beneficial or detrimen.docx
Implementing a new AIS system could prove to be beneficial or detrimen.docxtristans3
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)ishan parikh production
 
Practical Application Of System Safety For Performance Improvement
Practical Application Of System Safety For Performance ImprovementPractical Application Of System Safety For Performance Improvement
Practical Application Of System Safety For Performance ImprovementAlbert V. Condello III CSP CHMM
 
University of the CumberlandsSchool of Computer & Information .docx
University of the CumberlandsSchool of Computer & Information .docxUniversity of the CumberlandsSchool of Computer & Information .docx
University of the CumberlandsSchool of Computer & Information .docxjolleybendicty
 

Similar to Optimization of different objective function in risk assessment system (20)

Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
 
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
 
Research and identify three IT-related Risk Management Plans and lis.pdf
Research and identify three IT-related Risk Management Plans and lis.pdfResearch and identify three IT-related Risk Management Plans and lis.pdf
Research and identify three IT-related Risk Management Plans and lis.pdf
 
Information Serurity Risk Assessment Basics
Information Serurity Risk Assessment BasicsInformation Serurity Risk Assessment Basics
Information Serurity Risk Assessment Basics
 
Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specification
 
Risk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachRisk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approach
 
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsA Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
 
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxPRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
 
Risk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachRisk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational Approach
 
cupdf.com_it-security-management-and-risk-assessment.pdf
cupdf.com_it-security-management-and-risk-assessment.pdfcupdf.com_it-security-management-and-risk-assessment.pdf
cupdf.com_it-security-management-and-risk-assessment.pdf
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
E1804012536
E1804012536E1804012536
E1804012536
 
IRJET- GDPS - General Disease Prediction System
IRJET- GDPS - General Disease Prediction SystemIRJET- GDPS - General Disease Prediction System
IRJET- GDPS - General Disease Prediction System
 
Implementing a new AIS system could prove to be beneficial or detrimen.docx
Implementing a new AIS system could prove to be beneficial or detrimen.docxImplementing a new AIS system could prove to be beneficial or detrimen.docx
Implementing a new AIS system could prove to be beneficial or detrimen.docx
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)
 
Practical Application Of System Safety For Performance Improvement
Practical Application Of System Safety For Performance ImprovementPractical Application Of System Safety For Performance Improvement
Practical Application Of System Safety For Performance Improvement
 
University of the CumberlandsSchool of Computer & Information .docx
University of the CumberlandsSchool of Computer & Information .docxUniversity of the CumberlandsSchool of Computer & Information .docx
University of the CumberlandsSchool of Computer & Information .docx
 

More from Alexander Decker

Abnormalities of hormones and inflammatory cytokines in women affected with p...
Abnormalities of hormones and inflammatory cytokines in women affected with p...Abnormalities of hormones and inflammatory cytokines in women affected with p...
Abnormalities of hormones and inflammatory cytokines in women affected with p...Alexander Decker
 
A validation of the adverse childhood experiences scale in
A validation of the adverse childhood experiences scale inA validation of the adverse childhood experiences scale in
A validation of the adverse childhood experiences scale inAlexander Decker
 
A usability evaluation framework for b2 c e commerce websites
A usability evaluation framework for b2 c e commerce websitesA usability evaluation framework for b2 c e commerce websites
A usability evaluation framework for b2 c e commerce websitesAlexander Decker
 
A universal model for managing the marketing executives in nigerian banks
A universal model for managing the marketing executives in nigerian banksA universal model for managing the marketing executives in nigerian banks
A universal model for managing the marketing executives in nigerian banksAlexander Decker
 
A unique common fixed point theorems in generalized d
A unique common fixed point theorems in generalized dA unique common fixed point theorems in generalized d
A unique common fixed point theorems in generalized dAlexander Decker
 
A trends of salmonella and antibiotic resistance
A trends of salmonella and antibiotic resistanceA trends of salmonella and antibiotic resistance
A trends of salmonella and antibiotic resistanceAlexander Decker
 
A transformational generative approach towards understanding al-istifham
A transformational generative approach towards understanding al-istifhamA transformational generative approach towards understanding al-istifham
A transformational generative approach towards understanding al-istifhamAlexander Decker
 
A time series analysis of the determinants of savings in namibia
A time series analysis of the determinants of savings in namibiaA time series analysis of the determinants of savings in namibia
A time series analysis of the determinants of savings in namibiaAlexander Decker
 
A therapy for physical and mental fitness of school children
A therapy for physical and mental fitness of school childrenA therapy for physical and mental fitness of school children
A therapy for physical and mental fitness of school childrenAlexander Decker
 
A theory of efficiency for managing the marketing executives in nigerian banks
A theory of efficiency for managing the marketing executives in nigerian banksA theory of efficiency for managing the marketing executives in nigerian banks
A theory of efficiency for managing the marketing executives in nigerian banksAlexander Decker
 
A systematic evaluation of link budget for
A systematic evaluation of link budget forA systematic evaluation of link budget for
A systematic evaluation of link budget forAlexander Decker
 
A synthetic review of contraceptive supplies in punjab
A synthetic review of contraceptive supplies in punjabA synthetic review of contraceptive supplies in punjab
A synthetic review of contraceptive supplies in punjabAlexander Decker
 
A synthesis of taylor’s and fayol’s management approaches for managing market...
A synthesis of taylor’s and fayol’s management approaches for managing market...A synthesis of taylor’s and fayol’s management approaches for managing market...
A synthesis of taylor’s and fayol’s management approaches for managing market...Alexander Decker
 
A survey paper on sequence pattern mining with incremental
A survey paper on sequence pattern mining with incrementalA survey paper on sequence pattern mining with incremental
A survey paper on sequence pattern mining with incrementalAlexander Decker
 
A survey on live virtual machine migrations and its techniques
A survey on live virtual machine migrations and its techniquesA survey on live virtual machine migrations and its techniques
A survey on live virtual machine migrations and its techniquesAlexander Decker
 
A survey on data mining and analysis in hadoop and mongo db
A survey on data mining and analysis in hadoop and mongo dbA survey on data mining and analysis in hadoop and mongo db
A survey on data mining and analysis in hadoop and mongo dbAlexander Decker
 
A survey on challenges to the media cloud
A survey on challenges to the media cloudA survey on challenges to the media cloud
A survey on challenges to the media cloudAlexander Decker
 
A survey of provenance leveraged
A survey of provenance leveragedA survey of provenance leveraged
A survey of provenance leveragedAlexander Decker
 
A survey of private equity investments in kenya
A survey of private equity investments in kenyaA survey of private equity investments in kenya
A survey of private equity investments in kenyaAlexander Decker
 
A study to measures the financial health of
A study to measures the financial health ofA study to measures the financial health of
A study to measures the financial health ofAlexander Decker
 

More from Alexander Decker (20)

Abnormalities of hormones and inflammatory cytokines in women affected with p...
Abnormalities of hormones and inflammatory cytokines in women affected with p...Abnormalities of hormones and inflammatory cytokines in women affected with p...
Abnormalities of hormones and inflammatory cytokines in women affected with p...
 
A validation of the adverse childhood experiences scale in
A validation of the adverse childhood experiences scale inA validation of the adverse childhood experiences scale in
A validation of the adverse childhood experiences scale in
 
A usability evaluation framework for b2 c e commerce websites
A usability evaluation framework for b2 c e commerce websitesA usability evaluation framework for b2 c e commerce websites
A usability evaluation framework for b2 c e commerce websites
 
A universal model for managing the marketing executives in nigerian banks
A universal model for managing the marketing executives in nigerian banksA universal model for managing the marketing executives in nigerian banks
A universal model for managing the marketing executives in nigerian banks
 
A unique common fixed point theorems in generalized d
A unique common fixed point theorems in generalized dA unique common fixed point theorems in generalized d
A unique common fixed point theorems in generalized d
 
A trends of salmonella and antibiotic resistance
A trends of salmonella and antibiotic resistanceA trends of salmonella and antibiotic resistance
A trends of salmonella and antibiotic resistance
 
A transformational generative approach towards understanding al-istifham
A transformational generative approach towards understanding al-istifhamA transformational generative approach towards understanding al-istifham
A transformational generative approach towards understanding al-istifham
 
A time series analysis of the determinants of savings in namibia
A time series analysis of the determinants of savings in namibiaA time series analysis of the determinants of savings in namibia
A time series analysis of the determinants of savings in namibia
 
A therapy for physical and mental fitness of school children
A therapy for physical and mental fitness of school childrenA therapy for physical and mental fitness of school children
A therapy for physical and mental fitness of school children
 
A theory of efficiency for managing the marketing executives in nigerian banks
A theory of efficiency for managing the marketing executives in nigerian banksA theory of efficiency for managing the marketing executives in nigerian banks
A theory of efficiency for managing the marketing executives in nigerian banks
 
A systematic evaluation of link budget for
A systematic evaluation of link budget forA systematic evaluation of link budget for
A systematic evaluation of link budget for
 
A synthetic review of contraceptive supplies in punjab
A synthetic review of contraceptive supplies in punjabA synthetic review of contraceptive supplies in punjab
A synthetic review of contraceptive supplies in punjab
 
A synthesis of taylor’s and fayol’s management approaches for managing market...
A synthesis of taylor’s and fayol’s management approaches for managing market...A synthesis of taylor’s and fayol’s management approaches for managing market...
A synthesis of taylor’s and fayol’s management approaches for managing market...
 
A survey paper on sequence pattern mining with incremental
A survey paper on sequence pattern mining with incrementalA survey paper on sequence pattern mining with incremental
A survey paper on sequence pattern mining with incremental
 
A survey on live virtual machine migrations and its techniques
A survey on live virtual machine migrations and its techniquesA survey on live virtual machine migrations and its techniques
A survey on live virtual machine migrations and its techniques
 
A survey on data mining and analysis in hadoop and mongo db
A survey on data mining and analysis in hadoop and mongo dbA survey on data mining and analysis in hadoop and mongo db
A survey on data mining and analysis in hadoop and mongo db
 
A survey on challenges to the media cloud
A survey on challenges to the media cloudA survey on challenges to the media cloud
A survey on challenges to the media cloud
 
A survey of provenance leveraged
A survey of provenance leveragedA survey of provenance leveraged
A survey of provenance leveraged
 
A survey of private equity investments in kenya
A survey of private equity investments in kenyaA survey of private equity investments in kenya
A survey of private equity investments in kenya
 
A study to measures the financial health of
A study to measures the financial health ofA study to measures the financial health of
A study to measures the financial health of
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Optimization of different objective function in risk assessment system

  • 1. Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 308 Optimization of Different Objective Function in Risk Assessment System SHWETA SINGH Department of Mathematics, Radharaman Institute of Tech., & Science, Bhopal (M.P.) Singh84_s@rediffmail.com G.C. DUBEY Department of Mathematics, Govt. MGM College,Itarsi (M.P.) Gcd.1951@gmail.com RAJESH SHRIVASTAVA Department of Mathematics, Govt. Benazir College,Bhopal, (M.P.) Rajeshraju0101@rediffmail.com Abstract This paper proposes a new definition and conceptual framework for Risk assessment system. Risk assessment is the first process in the risk management methodology Organizations use risk system to determine the extent of the potential threat and the risk associated with an IT system throughout its SDLC. The output of this process helps to identify appropriate controls for eliminating risk and to determine the likelihood of a future adverse event. In this paper we will also discuss the Quantitative versus Qualitative Assessment, their advantage and disadvantages, while conducting the impact analysis. Once all the objective function have be optimized and completed, the results should be documented in an official report. This expanded view of Risk assessment emphasis the double role of risk management instruments, protecting basic livelihood as well as promoting risk taking and protecting basic livelihood. Keywords - Risk assessment, Risk Management, SDLC (System Development life cycle optimization) Introduction Due to technical advancement and needs of the person, the life cycle of product have been shortened. With the customer needs the functional for corporate should be quickly improved in quality for corporate survival. There for the risk factors which occurs during the product development need to be managed in project planning and risk management system. Risk is a function of the likelihood of a given threat-source's a exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization[1][2] The risk assessment methodology encompasses nine primary steps, which is described below: 1. System Characterization 2. Threat Identification 3. Vulnerability 4. Control Analysis 5. Likelihood Determination 6. Impact Analysis 7. Risk Determination 8. Control Recommendations 9. Results Documentation
  • 2. Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 309 Figure 1 Risk Assessment Methodology Flow chart
  • 3. Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 310 STEP 1- SYSTEM CHARACTERIZATION In assessing risks for an IT system, the first step is to define the scope of the effort. In this step, the boundaries of the IT system are identified, along with the resources and the information that constitute the system. 1.1 System-Related Information Indentifying risk for an IT system requires a keen understanding of the system’s processing environment. The person or persons who conduct the risk assessment must therefore first colled system-related information which is usually classified as follows: • Hardware • Software • System interfaces (e.g. internal and external connectivity) • Data and information • Persons who support and use the IT system • System mission (e.g., the processes performed by the IT system) • System and data criticality (e.g., the system’s value or importance to an organization). • System and data sensitivity. 1.2 Information-Gathering Techniques Any, or a combination, of the following techniques can be used in gathering information relevant to the IT system within the its operational boundary[5] . • Questionnaire • On-site Interviews. • Document Review • Use of Automated Scanning Tool. STEP 2- THREAT IDENTIFICATION A threat is the potential for a particular threat-source to successfully exercise a particular vulnerability. A vulnerability is a weakness that can be accidentally triggered or intentionally exploited. A threat-source does not present a risk when there is no vulnerabilitiy that can be exercised. 2.1 Threat-Source Identification The goal of this step is to identify the potential threat-sources and compile a threat statement listing potential threat-sources that are applicable to the IT system being evaluated. 2.2 Motivation and Threat Actions Motivation and the resources for carrying outan attack make humans potentially dangerous threat- sources. This information will be useful to organizations studying their human threat environments and customizing their human threat statements. STEP 3- VULNERABILITY IDENTIFICATION The analysis of the threat to an IT system must include an analysis of the vulnerabilities associated with the system environment. The goal of this step is to develop a list of system vulnerabilities (flaws or weaknesses) that could be exploited by the potential threat-sources. 3.1 Vulnerability Sources The technical and nontechnical vulnerabilities associated with an IT system’s processing environment can be identified via the information-gathering techniques described in. 3.2 System Security Testing Proactive methods, employing system testing, can be used to identify system vulnerabilities effieciently, depending on the criticality of the IT system and available resources. • Automated vulnerability scanning tool. • Security test and evaluation (ST & E) • Penetration testing. 3.3 Development of Security Requirements Checklist During this step, the risk assessment personnel determine whether the security requirements stipulated for the IT system and collected during system characterization are being met by existing or planned security controls. • Management • Operational • Technical STEP 4- CONTROL ANALYSIS
  • 4. Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 311 The goal of this step is to analyze the controls that have been implemented, or are planned for implementation, by the organization to minimize or eliminate the likelihood (or probability) of a threat’s exercising a system vulnerability. STEP 5- LIKELIHOOD DETERMINATION To derive an overall likelihood rating that indicates the probability that a potential vulnerability may be exercised within the construct of the associated threat environment, the following governing factors must be considered: • Threat-source motivation and capability • Nature of the vulnerability • Existence and effectiveness of current controls. STEP 6- IMPACT ANALYSIS The Next major step in measureing level of risk is to determine the adverse impact resulting from a successful threat exercise of a vulnerability. Before beginning the impact analysis, it is necessary to obtain the following necessary informationg as discussed: • System mission (e.g., the processes performed by the IT system) • System and data criticality (e.g., the system’s value or importance to an organization). • System and data sensitivity. STEP 7- RISK DETERMINATION The purpose of this step is to assess the level of risk to the IT system. The determination of risk for a particualar threat/vulnerability pair can be expressed as a function of- • The likelihood of a given threat-source’s attempting to excrexcise a given vulnerability. • The magnitude of the impact should a threat-source successfully exercise the vulnerability. • The adequacy of planned or existing security controls for reducing or eliminating risk. Table-1 Risk-Level Matrix Threat Likelihood Impact Low (10) Medium (50) High (100) High (1.0) Low 10X1.0=10 Medium 50X1.0=50 High 100X1.0=100 Medium (0.5) Low 10X0.5=5 Medium 50X0.5=25 High 100X0.5=50 Low (0.1) Low 10X0.1=1 Medium 50X0.1=5 High 100X0.1=10 Risk Scale : High (>50 to 100); Medium (>10 to 50); Low (1 to 10)8 Table 2 Risk Scale and Necessary Actions Risk Level Risk Description and Necessary Actions High It an observation or finding is evaluated as a high risk, there is a strong need for corrective measures. An existing system may continue ot operate, but a corrective action plan must be put in place as soon as possible. Medium If an observation is rated as medium risk, corrective actions are neede and a plan must be developed to incorporate these actions within a reasonable period of time. Low If an observation is described as low risk the system’s DAA must determine whether corrective actions are still required or decide to accept the risk STEP 8 - CONTROL RECOMMENDATIONS During this step of the process, controls that could mitigate or eliminate the identified risks, as appropriate to the organization’s operation, are provided. The goal of the recommended controls is to reduce the level of risk to the IT system and its data to an acceptable level. The following factors should be considered in recommending control and alternative solutions to minimize or eliminate identified risks: • Effectiveness of recommended options (e.g. system compatibility) • Legislation and regulation • Organizational policy • Operational impact • Safety and reliability
  • 5. Mathematical Theory and Modeling www.iiste.org ISSN 2224-5804 (Paper) ISSN 2225-0522 (Online) Vol.3, No.6, 2013-Selected from International Conference on Recent Trends in Applied Sciences with Engineering Applications 312 STEP 9 - RESULTS DOCUMENTATION Once the risk assessment has been completed (threat-sources and vulnerabilities identified, risks assessed, and recommended controls provided), the results should be documented in an official report or briefing. CONCLUSION A risk assessment report is a management report that helps senior management, the mission owners, make decisions on policy, procedural, budget and system operational and management changes. Unlike an audit or investigation report, which looks for wrongdoing, a risk assessment report should not be presented in an accusatory manner but as a systematic and analytical approach to assessing risk so that senior mmanagement will understand the risks and allocate resources to reduce and correct potential losses. For this reason, some people prefer to address the threat/vulnerability pairs as observations instead of findings in the risk assessment report. References - 1. J. Coppendale, “Manage risk in product and process development and avoid unpleasant surprises” Journal of Engineering Management, Vol.5, pp.33-38 2. L.P. Cooper, “ A research agenda to reduce risk in new product development through knowledge management: a practitioner perspective,” Journal of Engineering and Technology Management, 2003 3. P.K. Dey, “ Project Risk Management : A combined Analytic Hierarchy process and decision tree Approach,” cost Engineering, 44,2002. 4. H.G. Choi and J.O. Ahn, “Risk analysis models and risk degree determination in new product development: A case study” Journal of Engineering and Technology Management, pp. 110- 114. 2010. 5. D.W. Choi, J.S.Kim, and H.G. Choi, “Determination of Integrated Risk degrees in product development project,” Proceeding of the world congress on Engineering and computer science 2009, Vol.II, 2009.
  • 6. This academic article was published by The International Institute for Science, Technology and Education (IISTE). The IISTE is a pioneer in the Open Access Publishing service based in the U.S. and Europe. The aim of the institute is Accelerating Global Knowledge Sharing. More information about the publisher can be found in the IISTE’s homepage: http://www.iiste.org CALL FOR PAPERS The IISTE is currently hosting more than 30 peer-reviewed academic journals and collaborating with academic institutions around the world. There’s no deadline for submission. Prospective authors of IISTE journals can find the submission instruction on the following page: http://www.iiste.org/Journals/ The IISTE editorial team promises to the review and publish all the qualified submissions in a fast manner. All the journals articles are available online to the readers all over the world without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself. Printed version of the journals is also available upon request of readers and authors. IISTE Knowledge Sharing Partners EBSCO, Index Copernicus, Ulrich's Periodicals Directory, JournalTOCS, PKP Open Archives Harvester, Bielefeld Academic Search Engine, Elektronische Zeitschriftenbibliothek EZB, Open J-Gate, OCLC WorldCat, Universe Digtial Library , NewJour, Google Scholar