Building a semantics-assisted risk analysis (SARA) framework for vendor risk management. / CUHK electronic theses & dissertations collection / ProQuest dissertations and theses

January 2007

Although there are several solutions available in the industry to manage the vendor risk confronting corporate purchasers in their practices of traditional procurement mechanism, they are not widely accepted among industries practicing the traditional procurement mechanism. Moreover, they are unfeasible to be implemented in the eProcurement mechanism. They rely heavily on self-assessment data provided by vendors or transaction records from purchasing departments, and there is a lack of a systematic approach to accumulate the collective experience of the corporation in vendor risk management. / Moreover, the risk cause taxonomy identified in this study lays out the theoretical grounds for the development of any software applications relating to the deployment of risk perceptions held by procurement professionals and practitioners. / Recently, electronic procurement or eProcurement has gradually acquired wide acceptance in various industries as an effective, efficient, and cost-saving mechanism to search for and contact potential vendors over the Internet. However, it is also a common situation that purchasers do not have handy and reliable tools for the evaluation of the risk deriving from their choices of selecting seemingly promising but unfamiliar vendors, identified through the eProcurement mechanism. The purchasing corporations need to implement a systematic framework to identify, and assess the risks associated with their vendor choices, that is, the vendor risk, and even to memorize their collective experience on risk analysis, while they try to gain benefits from the practice of the eProcurement strategy. / The structure for the establishment of the semantic application identified in this study can be generalized as the common framework for developing an automatic information extractor to acquire Internet content as the support for making important business decisions. The structure is composed of three basic components: (1) an information collection method to identify specific information over the Internet through the deployment of semantic technology, (2) an ontology repository to associate the collected data and the specific data schema, and (3) a scheme to associate the data schema with the analytical methods which would be deployed to provide decision support. / This study proposes the establishment of the Vendor Risk Analysis (VRA) system to assist procurement officers in vendor risk analysis as a support to their decision of seeking promising vendors over the Internet. The VRA system adopts a Semantic-Assisted Risk Analysis (SARA) framework to implement an innovative approach in the implementation of risk assessment. The SARA framework deploys the collaboration of a knowledge-based Expert System and several emerging semantic technologies, including Information Extraction, a Community Template Repository, and a Semantic Platform for Information Indexing and Retrieval, to enhance the capability of the VRA system in the capability of acquiring sufficient risk evidence over the Internet to provide timely and reliable risk assessment support to vendor choice decisions. / Chou, Ling Yu. / "July 2007." / Advisers: Vincent Sie-king Lai; Timon Chih-ting Du. / Source: Dissertation Abstracts International, Volume: 68-12, Section: A, page: 5128. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2007. / Includes bibliographical references (p. 178-186). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. Ann Arbor, MI : ProQuest dissertations and theses, [201-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.

Purchasing--Management

Risk assessment--Data Processing

Risk management--Data Processing

Real-time risk analysis : a modern perspective on network security with a prototype

16 August 2012

M.Sc. / The present study was undertaken in a bid within the realm of the existing Internet working environment to meet the need for a more secure network-security process in terms of which possible risks to be incurred by Internet users could be identified and controlled by means of the appropriate countermeasures in real time. On launching the study, however, no such formal risk-analysis model has yet been developed specifically to effect risk analysis in real time. This, then, gave rise to the development of a prototype specifically aimed at the identification of risks that could pose a threat to Internet users' private data — the so-called "Real-time Risk Analysis" (RtRA) prototype. In so doing, the principal aim of the study, namely to implement the RtRA prototype, was realised. Following, an overview of the research method employed to realise the objectives of the study. Firstly, background information on and the preamble to the issues and problems to be addressed were provided, as well as a well-founded motivation for the study. The latter included theoretical studies on current network security and Transmission Control Protocol/Internet Protocol (TCP/IP). Secondly, the study of existing TCP/IP packet-intercepting tools available on the Internet brought deeper insight into how TCP/IP packets are to be intercepted and handled. In the third instance, the most recent development in network security — firewalls — came under discussion. The latter technology represents a "super-developed" TCP/IP packet-intercepting tool that implements the best known security measures. In addition, the entire study was based on firewall technology and the model that was developed related directly to firewalls. Fourthly, a prototype, consisting of three main modules, was implemented in a bid to prove that RtRA is indeed tenable and practicable. In so doing, the second module of the prototype, namely the real-time risk-identification and countermeasure-execution module, was given special emphasis. The modus operandi of the said prototype was then illustrated by means of a case study undertaken in a simulated Internet working environment. The study culminated in a summation of the results of and the conclusions reached on the strength of the research. Further problem areas, which could become the focal points of future research projects, were also touched upon.

Internet - Security measures.

Computer networks - Security measures.

Risk assessment - Data processing.