Information Processing System To Security Standard Compliance Measurement: A Quantitative Approach Using Pathfinder Networks (Pfnets)

Hulitt, Elaine

11 December 2009

Continuously changing system configurations and attack methods make information system risk management using traditional methods a formidable task. Traditional qualitative approaches usually lack sufficient measurable detail on which to base confident, cost-effective decisions. Traditional quantitative approaches are burdened with the requirement to collect an abundance of detailed asset value and historical incident data and to apply complex calculations to measure the data precisely in work environments where there are limited resources to collect and process it. To ensure that safeguards (controls) are implemented to protect against a majority of known threats, industry leaders are requiring information processing systems to comply with security standards. The National Institute of Standards and Technology (NIST) Federal Information Risk Management Framework (RMF) and the associated suite of guidance documents describe the minimum security requirements for non-national-security federal information and information systems as mandated by the Federal Information Security Management Act (FISMA), enacted into law on December 17, 2002, as Title III of the E-Government Act of 2002. This study proposes using the Pathfinder procedure to mathematically model an information system FISMA-required security control state and an actual information system security control state. A comparison of these two security control states using the proposed method will generate a quantitative measure of the status of compliance of the actual system with the FISMA-required standard. The quantitative measures generated should provide information sufficient to plan risk mitigation strategy, track system compliance to standard, and allow for the discussion of system compliance with the FISMA-required standard in terms easily understood by participants at various levels of an organization without requiring all to have detailed knowledge of the internals of the security standard or the targeted system. The ability to clearly articulate system compliance status and risk mitigation requirements is critical to gaining the support of upper-level management whose responsibility it is to allocate funds sufficient to support government security programs.

Secure Architecture Modeling

Risk Analysis

Standards Compliance Modeling

FISMA

RMF

Pathfinder Networks

Frames within Themselves: Treating Visual Imagery as a Variable in IR

Dombrowski, Andrew G.

14 May 2015

No description available.

Aesthetics

Political Science

ANALYSIS OF VALUE AT RISK MODELS BASED ON THE SHANGHAI STOCK INDEX

MAHAJAN, SHRIRANG A.

January 2003

No description available.

Engineering, Industrial

value at risk

GARCH

Shanghai Stock Exchange

risk analysis

Unmanned Aerial Systems for Emergency Response

Brown, Bryan

06 June 2016

No description available.

Aerospace Materials

Unmanned Aerial Systems

Emergency Response

Flight Testing

Multirotor

Wildland Fires

Risk Analysis

A Comparison of Dynamic and Classical Event Tree Analysis for Nuclear Power Plant Probabilistic Safety/Risk Assessment

Metzroth, Kyle G.

22 July 2011

No description available.

Nuclear Engineering

Probabilistic Risk Assessment

Dynamic Probabilistic Risk Assessment

Nuclear Power Plant Risk Analysis

A fuzzy Bayesian network approach for risk analysis in process industries

Yazdi, M., Kabir, Sohag

04 August 2020

Yes / Fault tree analysis is a widely used method of risk assessment in process industries. However, the classical fault tree approach has its own limitations such as the inability to deal with uncertain failure data and to consider statistical dependence among the failure events. In this paper, we propose a comprehensive framework for the risk assessment in process industries under the conditions of uncertainty and statistical dependency of events. The proposed approach makes the use of expert knowledge and fuzzy set theory for handling the uncertainty in the failure data and employs the Bayesian network modeling for capturing dependency among the events and for a robust probabilistic reasoning in the conditions of uncertainty. The effectiveness of the approach was demonstrated by performing risk assessment in an ethylene transportation line unit in an ethylene oxide (EO) production plant.

Hazard analysis

Fault tree analysis

Bayesian networks

Fuzzy set theory

Process industry

Risk analysis

Improving microbial fate and transport modeling to support TMDL development in an urban watershed

Liao, Hehuan

30 April 2015

Pathogen contamination, typically quantified by elevated levels of fecal indicator bacteria (FIB), remains the leading cause of surface water-quality impairments in the United States. Continuous watershed-scale models are typically employed to facilitate Total Maximum Daily Load (TMDL) restoration efforts. Due to limited understanding of microbial fate and transport, predictions of FIB concentrations are associated with considerable uncertainty relative to other water-quality contaminants. By focusing on a data-rich instrumented urban watershed, this study aims to improve understanding of microbial fate and transport processes. Weekly FIB concentrations in both the water column and streambed sediments were monitored for one year, and statistical correlations with hydrometeorological and physicochemical variables were identified. An intensive six storm intra-sampling campaign quantified and contrasted loading trends of both traditional regulatory FIB and emerging Microbial Source Tracking (MST) markers. Together, these intensive monitoring efforts facilitated evaluation of the impacts of bacteria-sediment interactions on the predictions of daily FIB concentrations in Hydrological Simulation Program-Fortran (HSPF) over multiple years. While superior overall model performance was demonstrated as compared to earlier efforts, the inclusion of bacteria-sediment interactions did not improve performance. Large wet-weather microbial loading appears to have dwarfed the effects of FIB release and resuspension from sediment. Although wet-weather loading is generally considered as a primary source of waterbody microbial loads, dry-weather periods are more directly associated with public health concern, which may be a more suitable area for future model-refinement efforts. Site evaluation is critical to determine whether the added model complexity and effort associated with partitioning phases of FIB can be sufficiently offset by gains in predictive capacity. Finally, a stochastic framework to translate simulated daily FIB concentrations into estimates of human illness risks is presented that can be can be readily integrated into existing TMDLs. As even small concentrations of FIB from human sources are associated with great risk, and monitoring efforts indicated moderate/high levels of human-associated MST marker in this watershed, remediation efforts to protect public health would be best directed toward infrastructure improvements. Uncertainty analysis indicates more site-specific knowledge of pathogen presence and densities would best improve the estimation of illness risks. / Ph. D.

Fecal indicator bacteria

fate and transport

quantitative microbial risk analysis

source tracking

urban watershed

waterborne disease

Risk Analysis Based on Performance Criteria: A  Food Safety Control System and Decision-making Tool to Control Salmonella from Whole Broilers

Alshuniaber, Mohammad A.f.

21 August 2014

Risk analysis is a powerful science-based tool that can be used to control and mitigate microbial food safety hazards. Codex recommends conducting preliminary risk management activities (PRMAs) to initiate risk analysis and to plan the risk assessment process. The information learned from these PRMAs should be utilized to construct a quantitative microbial risk assessment (QMRA) model. Then, risk management activities can utilize the QMRA model to identify and select microbial risk management (MRM) options. In this project, Codex recommendations for conducting risk analysis were followed to analyze the risk of acquiring salmonellosis from whole broiler (meat chickens) consumption within the United States. At the first stage, the risk of Salmonella on whole broilers was quantitatively estimated by attributing reported annual salmonellosis to whole broilers. A quantitative microbial risk assessment (QMRA) model was constructed to build an informative risk analysis model based on performance criteria, while minimizing associated modeling complications. The QMRA model was constructed in Excel® (Microsoft Corporation, Redmond, WA, USA) with the @RISK® Add-ins software (Palisade Corp., Ithaca, NY, USA). @RISK® software was used to perform Monte Carlo simulations that account for attendant uncertainties. After the model was tested and calibrated, it estimated the annual salmonellosis cases from whole broilers as 216,408 case/year that corresponds to the number of salmonellosis reported by Center for Disease and Control Prevention (CDC). Furthermore, sensitivity analysis was performed where 16 sensitive inputs (potential places for food safety interventions) and 10 data gaps (inputs that significantly affect the overall uncertainty) were reported. Some QMRA model results were transformed to MRM metrics. These MRM metrics, including ALOPs (Appropriate Level of Protection), FSOs (Food Safety Objectives), POs (Performance Objectives), and PC (Performance Criteria), were calculated along with a sampling plan for a food safety control system. The MRM metrics were utilized to identify and plan food control interventions such as risk communication, auditing, inspection, and monitoring. Furthermore, the QMRA model was utilized to identify and to quantitatively evaluate food safety interventions that affect Salmonella prevalence and/or concentration. / Ph. D.

Risk analysis

decision-making

food safety control system

performance criteria

whole broilers

Salmonella

<b>ANALYZING RISK THROUGH THE INTEGRATION OF NUCLEAR SAFETY AND SECURITY IN A RESEARCH REACTOR</b>

Theodore Thomas (18360159)

15 April 2024

<p dir="ltr">Protecting workers, the public, and the environment from the potential hazards associated with radiation exposure relies on two disciplines: safety and security. Historically, these two disciplines operate in isolation, but new emerging threats have exploited weaknesses in the disciplines’ isolated practices. A method for overcoming weakness in isolation and strengthening protection is the integration of nuclear safety and security. Integration can provide increased protection for nuclear facilities and operations. This research identifies and fills gaps within integration research that promotes the active practice of integration. </p><p dir="ltr">Eight integration points were identified across the overlap of nuclear safety and security. Definitions for the points of overlap were determined using qualitative research methodologies. These definitions provided measurable aspects of practiced integration among the eight points. The eight integration points were also analyzed for importance using a quantitative methodology known as an analytical hierarchy process with an assisted Monte Carlo simulation. This study found that reactor staff placed access control and transportation of materials as the highest points of importance. However, a 10-year review of United States Nuclear Regulatory Commission violations and citations revealed culture as the most common issue for research reactors. This supports the need for a shift in perspective regarding nuclear safety and security practices.</p><p dir="ltr">An integration assessment tool was designed to measure the active practice of integrative techniques among research reactor staff. When applied to a research reactor, specific integration points were assessed, and an overall integration score for the facility was provided. The results of the integration assessment tool were applied to a newly developed integrated risk model that determined the facility’s vulnerability, consequences, and integrated risk score. </p><p dir="ltr">Through the efforts of this research, the eight points of integration have clearly and concisely identified how integration can be exercised at a facility level—this is something that has not yet been done. This research identified trends in safety and security practices that indicated strengths and weaknesses and how integration can improve those strengths and address the weaknesses. This research also provided a novel risk analysis model focused on actively applied integrative techniques instead of simulated hypothetical probabilities. Through this adjusted focus on integration, this research has found a new method for increasing the safety and security of nuclear operations.</p><p><br></p>

risk analysis (assessment)

Nuclear Safety

Nuclear Security

Research reactors

Analýza rizik vybraných nebezpečných chemických látek / Risk Analysis of Selected Hazardous Chemical Substances

Obadalová, Kristýna

January 2011

An extensive bibliographic search of domestic and foreign resources was elaborated within the diploma thesis. In the sphere of major accident prevention, risk analysis and assessment are necessary to fulfill the aims. The development of this sphere is mentioned in the thesis. It also discusses reasons why the exact and detailed instruction for those analyses cannot be provided and why the standard methods of risk analysis cannot be introduced (as well as the methods for particular risk recipients). The thesis also discusses available software tools for evaluating the emergency impacts. The study suggests the optimal software tool for simulation of emergency impacts in the conditions of the Czech Republic and also recommends the possible technical precautions for increasing safety of dangerous chemical substances. The conclusion contains discussion on the finding the author revealed and their relation to the information found in the literature and it also summarizes author’s opinion.