G-RAM framework for software risk assessment and mitigation strategies in organisations

GA-BP neural network modeling for project portfolio risk prediction

Purpose

Project portfolio risk (PPR) management plays an important role in promoting the smooth implementation of a project portfolio (PP). Accurate PPR prediction helps managers cope with risks timely in complicated PP environments. However, studies on accurate PPR impact degree prediction, which consists of both risk occurrence probabilities and risk impact consequences considering project interactions, are limited. This study aims to model PPR prediction and expand PPR prediction tools.

Design/methodology/approach

In this study, the authors build a PPR prediction model based on a genetic algorithm and back-propagation neural network (GA-BPNN) integrated with entropy-trapezoidal fuzzy numbers. Then, the authors verify the proposed model with real data and obtain PPR impact degrees.

Findings

The test results indicate that the proposed method achieves an average absolute error of 0.002 and an average prediction accuracy rate of 97.8%. The former is reduced by 0.038, while the latter is improved by 32.1% when compared with the results of the original BPNN model. Finally, the authors conduct an index sensitivity analysis for identifying critical risks to effectively control them.

Originality/value

This study develops a hybrid PPR prediction model that integrates a GA-BPNN with entropy-trapezoidal fuzzy numbers. The authors use this model to predict PPR impact degrees, which consist of both risk occurrence probabilities and risk impact consequences considering project interactions. The results provide insights into PPR management.

Searching Deterministic Chaotic Properties in System-Wide Vulnerability Datasets

Cybersecurity is a never-ending battle against attackers, who try to identify and exploit misconfigurations and software vulnerabilities before being patched. In this ongoing conflict, it is important to analyse the properties of the vulnerability time series to understand when information systems are more vulnerable. We study computer systems’ software vulnerabilities and probe the relevant National Vulnerability Database (NVD) time-series properties. More specifically, we show through an extensive experimental study based on the National Institute of Standards and Technology (NIST) database that the relevant systems software time series present significant chaotic properties. Moreover, by defining some systems based on open and closed source software, we compare their chaotic properties resulting in statistical conclusions. The contribution of this novel study is focused on the prepossessing stage of vulnerabilities time series forecasting. The strong evidence of their chaotic properties as derived by this research effort could lead to a deeper analysis to provide additional tools to their forecasting process.

Firm investment decisions for information security under a fuzzy environment: a game-theoretic approach

Purpose

This paper aims to examine optimal decisions for information security investments for a firm in a fuzzy environment. Under both sequential and simultaneous attack scenarios, optimal investment of firm, optimal efforts of attackers and their economic utilities are determined.

Design/methodology/approach

Throughout the analysis, a single firm and two attackers for a “firm as a leader” in a sequential game setting and “firm versus attackers” in a simultaneous game setting are considered. While the firm makes investments to secure its information assets, the attackers spend their efforts to launch breaches.

Findings

It is observed that the firm needs to invest more when it announces its security investment decisions ahead of attacks. In contrast, the firm can invest relatively less when all agents are unaware of each other’s choices in advance. Further, the study reveals that attackers need to exert higher effort when no agent enjoys the privilege of being a leader.

Research limitations/implications

In a novel approach, inherent system vulnerability of the firm, financial benefit of attackers from the breach and monetary loss suffered by the firm are considered, as fuzzy variables in the well-recognized Gordon – Loeb breach function, with the help of fuzzy expectation operator.

Practical implications

This study reports that the optimal breach effort exerted by each attacker is proportional to its obtained economic benefit for both sequential and simultaneous attack scenarios. A set of numerical experiments and sensitivity analyzes complement the analytical modeling.

Originality/value

In a novel approach, inherent system vulnerability of the firm, financial benefit of attackers from the breach and monetary loss suffered by the firm are considered, as fuzzy variables in the well-recognized Gordon – Loeb breach function, with the help of fuzzy expectation operator.

The Impact of Trust on the Willingness of Co-Tenancy Behavior: Evidence from China

Introduction

Nowadays, more and more people choose to rent houses in first-tier cities together with other people, which can alleviate certain economic pressure. Therefore co-tenancy has become an important field of academic research in recent years and a number of previous studies have discussed the phenomenon. However, fewer studies explore the influence of different variables on the willingness of co-tenancy behavior through quantitative methods.

Methods

This study conceptualizes and implements concepts such as trust, positive emotion, relationship strength, satisfaction, income, duration of co-tenancy required and the willingness of co-tenancy behavior(WOCB). We designed and collected a questionnaire and finally a questionnaire survey of users (n=525) was conducted, and a basic description and comparison of research objects’ willingness of co-tenancy behavior were made in terms of trust, and positive emotion, relationship strength and monthly income also affect the willingness of co-tenancy behavior.

Results

The trust effects have a positive impact on the WOCB, Trust effect will affect Relationship Strength and Positive Emotion, and will further affect the WOCB. However, this influence is negative when people are in high Monthly Income and negative when people are in low Monthly Income.

Discussion

Trust, relationship strength and positive emotion are key factors for people to rent houses with others. That is to say, the intensity of people’s willingness to rent houses with others depends on the degree of trust in others, the relationship strength and positive emotion. When the post-90s drifters in Shenzhen do not believe others, they will tend to live alone rather than the new model of co-tenancy. We also suspect that a person with negative emotion far greater than positive emotion prefers to live alone, rather than living in the same place with his roommates. It provided certain group implications for their willingness of co-tenancy behavior.

Antecedents for enhanced level of cyber-security in organisations

Purpose

The present study aims to identify and investigate the antecedents of enhanced level of cyber-security at the organisational level from both the technical and the human resource perspective using human–organisation–technology (HOT) theory.

Design/methodology/approach

The study has been conducted on 151 professionals who have expertise in dealing with cyber-security in organisations in sectors such as retail, education, healthcare, etc. in India. The analysis of the data is carried out using partial least squares based structural equation modelling technique (PLS-SEM).

Findings

The results from the study suggest that “legal consequences” and “technical measures” adopted for securing cyber-security in organisations are the most important antecedents for enhanced cyber-security levels in the organisations. The other significant antecedents for enhanced cyber-security in organisations include “role of senior management” and “proactive information security”.

Research limitations/implications

This empirical study has significant implications for organisations as they can take pre-emptive measures by focussing on important antecedents and work towards enhancing the level of cyber-security.

Originality/value

The originality of this research is combining both technical and human resource perspective in identifying the determinants of enhanced level of cyber-security in the organisations.

A novel FMEA model based on fuzzy multiple-criteria decision-making methods for risk assessment

Purpose

Risk assessment is a very important step toward managing risks in various organizations and industries. One of the most extensively applied risk assessment techniques is failure mode and effects analysis (FMEA). In this paper, a novel fuzzy multiple-criteria decision-making (MCDM)-based FMEA model is proposed for assessing the risks of different failure modes more accurately.

Design/methodology/approach

In this model, the weight of each failure mode is considered instead of risk priority number (RPN). Additionally, three criteria of time, cost and profit are added to the three previous risk factors of occurrence (O), severity (S) and detection (D). Furthermore, the weights of the mentioned criteria and the priority weights of the decision-makers calculated by modified fuzzy AHP and fuzzy weighted MULTIMOORA methods, respectively, are considered in the proposed model. A new ranking method of fuzzy numbers is also utilized in both proposed fuzzy MCDM methods.

Findings

To show the capability and usefulness of the suggested fuzzy MCDM-based FMEA model, Kerman Steel Industries Factory is considered as a case study. Moreover, a sensitivity analysis is conducted for validating the achieved results. Findings indicate that the proposed model is a beneficial and applicable tool for risk assessment.

Originality/value

To the best of authors’ knowledge, no research has considered the weights of failure modes, the weights of risk factors and the priority weights of decision-makers simultaneously in the FMEA method.