Modeling of Risk Treatment Measurement Model under Four Clusters Standards (ISO 9001, 14001, 27001, OHSAS 18001)

Available online at www.sciencedirect.com

Procedia Engineering 37 (2012) 354-358

The Second SREE Conference on Engineering Modeling and Simulation

Modeling of Risk Treatment Measurement Model under Four Clusters Standards (ISO 9001, 14001, 27001, OHSAS 18001)

Liu Qi, Du Qingling, Shi Wei, Zhu Jine 2

1 Information Security Department, Henan Police College, Zhengzhou Henan 450002, China
2 Fuji Electric (Hangzhou) Software Co., Ltd., Hangzhou 3002, China

Abstract

A novel model to measure risk treatment, ARME (Assets Risk Value & Control Measures Effectiveness), under four clusters standards (ISO 9001, 14001, 27001, OHSAS 18001) is proposed for the first time in this paper. Its establishment, computation, realization flow and applications are discussed. The correctness of the model is proved, and the corresponding indicator system is given. The computation and implementation flow are developed. The advantages for organizations that adopted this model are presented. According to the theoretical study and the practical implementation, the model proposed in this paper is effective for measuring risk treatment plans.

2010 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of Society for Resources, Environment and Engineering. Open access under CC BY-NC-ND license.

Keywords: risk treatment measurement; ARME; indicator system; risk treatment effectiveness

Supported by Henan Education Committee Project (2B620002). Corresponding author: Liu Qi (1978-), associate professor, Ph.D. Research specialty: Risk Assessment. Mobile.5903667760. E-mail address: mchellemn@yahoo.cn.

1877-7058 2012 Published by Elsevier Ltd. doi:10.1016/j.proeng.2012.04.252

1. Introduction

Nomenclature

A: Assets
R: risk value
S: security coefficient
C: Control Measures
T: Timeliness
Su: Sufficiency
U: Usability
La: Laxity
Sb: Suitability
E: Efficiency

There exist different kinds of risks in the process of organization operation, for example, quality risks, environmental risks, operational health and safety risks, information security risks, etc. These risks present in different kinds of manifestation, and correlate with each other in an organization's strategic planning, organizational management, production operation and service activity [1]. These may eventually cause social responsibility risks and legal risks. Numerous organizations implement a management system integrating quality, environmental, occupational health and safety, and information security based on the international standard clusters ISO 9001 [2], ISO 14001 [3], OHSAS 18001 [4], and ISO/IEC 27001 [5] to manage risks [6-10] and improve their general viability. However, several problems arise in practical work when applying these four clusters of standards. One of the knotty problems is that it is difficult to measure effectiveness after implementing a risk treatment plan. Few materials or standards can be found in the published literature at present.

A novel risk treatment plan measurement model (ARME) is proposed in this paper, based on the establishment of information security systems in many organizations. The effectiveness of the model is proved in this paper, and it was applied in several organizations. The theoretical study and the practical implementation proved the effectiveness of ARME.

2. Modeling of ARME

2.1. Establishment of ARME

According to OHSAS 18001 [4], risk means "combination of likelihood of an occurrence of a hazardous event or exposure(s) and the severity of injury or ill health that can be caused by the event or exposure(s)"; risk assessment means "process of evaluating the risk(s) arising from a hazard(s), taking into account the adequacy of any existing controls, and deciding whether or not the risk(s) is acceptable". After risks are assessed, proper treatments should be implemented to guarantee the organization's security. These treatments are called risk treatments [11].

The purpose of establishing a risk treatment measurement model is to measure the effectiveness of risk treatments. The evaluations are based on several corresponding parts: the sufficiency of the risk treatment, whether the execution could be undertaken according to the plan, whether the desired effect could be catered for, etc. Through the investigation, we think the following factors should be considered to measure risk treatment effectiveness: security coefficient; Timeliness (control measure effects could reach organizations within the time limitation); Sufficiency (control measures could be fully implemented); Usability (whether control measures could be easily implemented); etc. Based on the above, the effectiveness measurement model (ARME) and indicator system are proposed for the first time in Fig. 1.

Fig. 1. ARME Model

2.2. Computation of ARME

The computation of the ARME model is proposed for the first time in this paper, with a definition, theorem, and corollary as follows.

Definition 1: Define the ten-tuple $\langle A, R, C, S, T, Su, U, La, Sb, E \rangle$. $R$, $S$ satisfy S = ( R + ) R; $S$, $T$, $La$ satisfy $La = co_1 S + co_2 T$; $Su$, $U$, $Sb$ satisfy $Sb = co_3 Su + co_4 U$ ($co_1, co_2, co_3, co_4$ represent normalization coefficients). Then Rl, Sb, Ef satisfy $E = La\, w_{La} + Sb\, w_{Sb}$ ($w_{Rl}$, $w_{Sb}$ represent the weights of $La$ and $Sb$).

Theorem 1: For the ten-tuple $\langle A, R, C, S, T, Su, U, La, Sb, E \rangle$, equation (1) always holds.

( ) [ ] E = wrl co R R+ + co2 T+ wsb co3 Su+ co4 U (1)

Proof:

$$E = La\, w_{La} + Sb\, w_{Sb} = [co_1 S + co_2 T]\, w_{Rl} + [co_3 Su + co_4 U]\, w_{Sb}$$

w co ( R R ) co T w [ co Su co U] = Rl + + 2 + Sb 3 + 4

Corollary 1: For arbitrary $a \in A$, $e \in E$, $r \in R$, $s \in S$, $c \in C$, $t \in T$, $la \in La$, $su \in Su$, $u \in U$, $sb \in Sb$, equation (2) always holds.

( ( ) ) e = w Rl co R r co2 t w Sb co3 su co4 u + + + + (2)

Proof: By the above definition, each set in the ten-tuple $\langle A, R, C, S, T, Su, U, La, Sb, E \rangle$ could be represented by a matrix as follows. The input set Assets and the output set Effectiveness could be represented by matrices as:

A = [ a a ] a

$$E = \begin{bmatrix} e_{11} & \cdots & e_{1m} \\ \vdots & & \vdots \\ e_{n1} & \cdots & e_{nm} \end{bmatrix};$$

others could be represented as:

$$R = \begin{bmatrix} r_{11} & \cdots & r_{1m} \\ \vdots & & \vdots \\ r_{n1} & \cdots & r_{nm} \end{bmatrix},\quad S = \begin{bmatrix} s_{11} & \cdots & s_{1m} \\ \vdots & & \vdots \\ s_{n1} & \cdots & s_{nm} \end{bmatrix},\quad C = \begin{bmatrix} c_{11} & \cdots & c_{1m} \\ \vdots & & \vdots \\ c_{n1} & \cdots & c_{nm} \end{bmatrix},\quad T = \begin{bmatrix} t_{11} & \cdots & t_{1m} \\ \vdots & & \vdots \\ t_{n1} & \cdots & t_{nm} \end{bmatrix}$$

$$R = \begin{bmatrix} r_{11} & \cdots & r_{1m} \\ \vdots & & \vdots \\ r_{n1} & \cdots & r_{nm} \end{bmatrix},\quad Su = \begin{bmatrix} su_{11} & \cdots & su_{1m} \\ \vdots & & \vdots \\ su_{n1} & \cdots & su_{nm} \end{bmatrix},\quad U = \begin{bmatrix} u_{11} & \cdots & u_{1m} \\ \vdots & & \vdots \\ u_{n1} & \cdots & u_{nm} \end{bmatrix},\quad Sb = \begin{bmatrix} sb_{11} & \cdots & sb_{1m} \\ \vdots & & \vdots \\ sb_{n1} & \cdots & sb_{nm} \end{bmatrix}$$

Use $a \in A$; $e_{ij} \in E$; $r_{ij} \in R$; $s_{ij} \in S$; $c_{ij} \in C$; $t_{ij} \in T$; $la_{ij} \in La$; $su_{ij} \in Su$; $u_{ij} \in U$; $sb_{ij} \in Sb$ to represent arbitrary elements belonging to each set ($i = 1, 2, \ldots, n$; $j = 1, 2, \ldots, m$).

Based on Definition 1, S = R + R, $La = co_1 S + co_2 T$, $Sb = co_3 Su + co_4 U$, $E = La\, w_{La} + Sb\, w_{Sb}$, the corresponding equations could be obtained.

s = ( R) + r (3)

$$la_{ij} = co_1 s_{ij} + co_2 t_{ij} \qquad (4)$$

$$sb_{ij} = co_3 su_{ij} + co_4 u_{ij} \qquad (5)$$

$$e_{ij} = la_{ij}\, w_{La} + sb_{ij}\, w_{Sb} \qquad (6)$$

Put equations (3)-(5) into equation (6), then

$$e_{ij} = la_{ij}\, w_{La} + sb_{ij}\, w_{Sb} = (co_1 s_{ij} + co_2 t_{ij})\, w_{La} + (co_3 su_{ij} + co_4 u_{ij})\, w_{Sb}$$

= w R r co co su co u + + + w La 3 4 Sb

Equation (2) could be obtained:

( ( ) ) e = cw Rl RV rv t c2 w Sb aq cv + +

2.3. Realization Flow of ARME

The effectiveness of the model (ARME) could be computed by extracting parameters from risk treatment tables and control measurement implementation tables, then binding initial values that are input subjectively, as shown in Fig. 2.

Fig. 2. Realization Flow

3. Applications of ARME

We applied ARME in several organizations to guarantee the effectiveness of the risk treatment plan in the previous work. Take H organization for example: the ARME model was used to measure the effectiveness of its risk treatment. Every threat and vulnerability in all 59 risk treatment tables was evaluated as follows: measure all risk treatment plans by ARME; compute the scores of each risk treatment plan; classify all the results into three levels; analyze the results and obtain the efficiency of ARME.

A sample of the ARME application is shown in Table 1. From Table 1, treatment results of 100 classes of risk treatment plans were 37% with excellent effect, 33% with good effect, and 30% with average effect.

Table 1. Risk Treatment Plan Measurement by ARME (Incomplete)

Assets Serial Numbers; Risk Value (normalized); S; C; T; Su; U; La; Sb; E
PD-MD-AD-BC xxx 20 85% 2 2 7 2 5
PD-MD-AD-TC xxx 20 80% 2 2 2 2 2
PD-MD-AD-EC xxx 2 100% 3 5 8 6 7
PD-MD-AD-EC xxx 5 80% 2 2 7 2 5
PD-DD-SD xxx 20 100% 5 4 0 8 9

The analysis is as follows. Measurements with excellent effects focus on establishing corresponding management regulations, procuring necessary equipment, etc. This result accords with the active working attitudes of top leaders and the coordinating department. Measurements with good effects concentrate on staff implementing the corresponding control measurements. This result accords with their busy work and the fuzzy regulations of reward and punishment. Measurements with average effects focus on the IT department. This accords with the fact that there is no full-time staff in the department. All the results above accord with H organization's actual situation, which shows the effectiveness of the ARME model proposed in this paper.

4. Conclusion

A novel risk treatment measurement model, ARME, for organizations that have established management systems under the four clusters standards ISO 9001, ISO 14001, OHSAS 18001, and ISO/IEC 27001 is proposed for the first time in this paper. In addition, the corresponding indicator system is proposed. The computation equations were designed and proved theoretically. The realization flow was shown, and one of the application cases, H organization, was given. According to the theoretical study and practical applications, the ARME model proposed in this paper is effective for measuring risk treatments. Future research will focus on adjusting the indicator system coefficients, organizations' feedback about the model, etc.

References

[1] Guang Yaohua, Xie Zongxiao, Cheng Yuqi. Quality/Environmental/Operation and Health/Information Security Four Clusters Standards Integrating Management System Course. China Standards Publishing House. 2009.9.
[2] ISO 9001, Quality management systems - Requirements.
[3] ISO 14001, Environmental management systems - Requirements with guidance for use.
[4] OHSAS 18001, Occupational health and safety management systems - Requirements.
[5] ISO/IEC 27001, Information technology - Security techniques - Information security management systems - Requirements.
[6] NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems.
[7] Z. Predrag. Information risk and security modeling. Proceedings of SPIE, The International Society for Optical Engineering, Vol. 582, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, 42-50.
[8] H. Olvers. Information modeling for automated risk analysis. Communications and Multimedia Security: CMS 2006, LNCS 4237, 2006, 228-239.
[9] V. Page, M. Dixon, Choudhury. Security risk mitigation for information systems. BT Technology Journal, 2007, 25(), 8-27.
[10] Kevin J. Soo Hoo. How much is enough? [D] A Risk-Management Approach to Information Security, Doctoral dissertation, Stanford University, (20):69-78, 2000.
[11] NIST, ISO/IEC 27002, Information technology - Security techniques - Code of practice for information security management