Pawel Skrzynski

A new lightweight method for security risk assessment based on fuzzy cognitive maps

Abstract For contemporary software systems, security is considered to be a key quality factor and the analysis of IT security risk becomes an indispensable stage during software deployment. However, performing risk assessment according to methodologies and standards issued for the public sector or large institutions can be too costly and time consuming. Current business practice tends to circumvent risk assessment by defining sets of standard safeguards and applying them to all developed systems. This leads to a substantial gap: threats are not re-evaluated for particular systems and the selection of security functions is not based on risk models. This paper discusses a new lightweight risk assessment method aimed at filling this gap. In this proposal, Fuzzy Cognitive Maps (FCMs) are used to capture dependencies between assets, and FCM-based reasoning is performed to calculate risks. An application of the method is studied using an example of an e-health system providing remote telemonitoring, data storage and teleconsultation services. Lessons learned indicate that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on the effectiveness of the security system.

Risk assessment for a video surveillance system based on Fuzzy Cognitive Maps

For various IT systems security is considered a key quality factor. In particular, it might be crucial for video surveillance systems, as their goal is to provide continuous protection of critical infrastructure and other facilities. Risk assessment is an important activity in security management; it aims at identifying assets, threats and vulnerabilities, analysis of implemented countermeasures and their effectiveness in mitigating risks. This paper discusses an application of a new risk assessment method, in which risk calculation is based on Fuzzy Cognitive Maps (FCMs) to a complex automated video surveillance system. FCMs are used to capture dependencies between assets and FCM based reasoning is applied to aggregate risks assigned to lower-level assets (e.g. cameras, hardware, software modules, communications, people) to such high level assets as services, maintained data and processes. Lessons learned indicate, that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on effectiveness of security system.

Risk Assessment for SWOP Telemonitoring System Based on Fuzzy Cognitive Maps

For various IT systems security is considered to be a key quality factor. In particular, for health care systems security is of uttermost importance, as it is related to patients’ health and safety. Risk assessment is an important activity in security management; it aims at identifying assets, threats and vulnerabilities, analysis of implemented countermeasures and their effectiveness in mitigating risks. This paper discusses a new risk assessment method, in which risk calculation is based on Fuzzy Cognitive Maps (FCMs) approach. FCMs are used to capture dependencies between assets and FCM based reasoning is applied to aggregate risks assigned to lower-level assets (e.g. hardware, software modules, communications, people) to such high level assets as services, maintained data and processes. An application of the method is studied on an example of e-health system providing remote telemonitoring, data storage and teleconsultation services. Lessons learned indicate, that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on effectiveness of security system.

Collective intelligence approach to measuring invisible hand of the market

The paper presents an invisible hand process simulation using a multi agent approach and its measure with a IQS - collective intelligence factor used to calculate the intelligence of a given social structure. Since it is widely assumed that in a free market, market participants create such a structure the authors claim that it is possible to calculate the effect of the invisible hand process by defining the IQS of the market. The agents behavior and interaction is modeled by adapting classical models from a theory of microeconomics which describes the ways goods are exchanged among agents. The paper also introduces in details the concept of a multi-agent market simulator which was used in experiments.

FIPA Compliant Agent-based Decentralized Expert System

The paper presents the agent-oriented architecture of a decentralised expert system based on FIPA standard. Each agent in the framework can use its own knowledge representation and reasoning strategy, which makes the system flexible and extensible. Interoperability of heterogeneous agents is ensured via common communication protocols, as well as identification and location facilities provided by an agent platform. Realisation of the proposed architecture is based on JADE platform and its description concludes the work.

Formal and Computational Model for A. Smith’s Invisible Hand Paradigm

We present probably the first formal theory of A. Smith’s Invisible Hand paradigm (ASIH). It proves that it is not only an idea, that is often conflicting with established governing methods, but something real, for which a formal theory can be built. This should allow for the creation of new tools for market analysis and prediction. It claims, that a market has another dimension of computational nature, which itself is a complete programmable computer; however quite different from a digital computer. There, unconscious meta-inference process of ASIH is spread on the platform of brains of agents and the structure of a market. This process is: unconscious, distributed, parallel, non-deterministic with properties of chaotic systems. A given thread of ASIH emerges spontaneously in certain market circumstances and can vanish when the market situation changes. Since this computer is made up of brains of agents, conclusions of this inference process affect the behavior of agents and therefore the behavior of the entire market. For a description of ASIH, a molecular model of computations must be used. Our theory shows that ASIH is much more “universal” than expected, and is not only restricted to market optimization and stabilization, but can also act as a “discoverer” of new technologies, (technical market optimization). Also rules of social behavior can be discovered (social market optimization). ASIH can be considered as Collective Intelligence (CI) of a market, similarly to Collective Intelligence of an ant hill.