DEVELOPMENT OF A KNOWLEDGE-BASED SYSTEM FOR VULNERABILITY ANALYSIS AND MITIGATION: Research proposal



1. Objective of the proposal
The main objective of the proposal is to perform and refine the study of vulnerability as a dangerous phenomenon for all industrial enterprises, and not only for them. Every economic entity (enterprise) is exposed to vulnerability. An enterprise could be vulnerable to internal or external factors, to unintended mistakes or to malevolence. The common direct effects of vulnerability are loss, incidents or accidents. Indirect effects of vulnerability are manifested in the position of the enterprise in the market, in its brand or in its relationships with suppliers, clients, the local community or society as a whole.
Based on previous research developed within the iNTeG-Risk project, this study would end with operational instruments for assessing vulnerability, training people in how to mitigate it, and developing other mitigation measures. A prototype of the developed tools will be implemented and tested in at least 3 pilot enterprises.
The obtained results could be used by any enterprise, with a special focus on SMEs (small and medium enterprises), which are more affected by vulnerabilities.
The research proposed here covers a complex, multidisciplinary field including development and asset studies, public health, security studies, engineering, and disaster and risk management.

2. Activities to be performed
a. Vulnerability cross study: vulnerability would be looked upon as a phenomenon that affects economic units. The study would include the main actors of vulnerability, the vulnerability cycle, the relationship between vulnerability and critical assets of the enterprise, and more.
b. Vulnerability assessment method development: we know at this point that the enterprise could be affected by some identified vulnerabilities; we also know that these interact with certain assets that could affect or be affected by vulnerabilities. We need to be able to assess the vulnerabilities taking all these considerations into account, in order to prioritize the mitigation plans.
c. Research on a vulnerability mitigation tool through training and managerial best practices: this activity should be based on points a and b and should research the development of the best vulnerability mitigation tools. As one of the main actors is the human operator, specific training focused on knowledge islands should be one of the tools, together with a way to quickly and efficiently develop and implement best practices for specific vulnerabilities (like a sudden spill).
d. Development of an integrated package to deal with vulnerability in connection with quality, health and safety, and environment management. Vulnerability has specific parts in common with these three types of management.
e. Piloting the implementation of the developed tools and methods in at least three specific pilots from the construction industry, mechanical maintenance services and the process industry.
The main activities to be performed would define the overall content of specific work packages.

3. Methodologies used
The methodologies to be used are mixed, providing examples of best practice in data generation and analysis. The wealth of experience with existing methods has also laid the foundation for the more innovative approaches to integrating quantitative and qualitative research implemented in this research. The methods would be centered mainly on a qualitative approach, as needed for such research.

4. Expected results
As the main expected results were announced together with the activities that would produce them, we can recapitulate them:
- R1. a risk-vulnerability ontology;
- R2. an intelligent vulnerability identification checklist including a BEEVA tool (mainly a specialized cost-benefit tool);
- R3. an operative semi-qualitative method to assess vulnerabilities;
- R4. a framework that would integrate the identification and the assessment of vulnerabilities for further efficient management;
- R5. an individual quick adaptive training tool based on knowledge islands;
- R6. a tool for vulnerability mitigation based upon best practice procedures.
