Rabiah Ahmad
Recent information technologies are able to facilitate the transformation of traditional administrative processes to services which can be performed online. The
rapid growth of ICT is proved to be aligned with its application for the 4th Industry Revolution. Today, information security has become a vital entity to most
organizations due to current trends in information transfer through a borderless and vulnerable world. The concern and interest in information security is mainly
due to the fact that information security risk analysis (ISRA) is seen as a focal method not only to identify and prioritize information assets but also to identify
and monitor the specific threats that an organization induces; especially the chances of these threats occurring and their impact on the respective businesses.
Thus, a total of 18 years research in Information Security were conducted, and their findings were gathered and analysed meticulously. Most of the research
were particularly focusing in exploring the various aspect of security threats and its countermeasure through empirical researches, tool development, systematic
literature review and dynamic analysis impacted from theoretical knowledge development to its implementation growth in Organization. Our reviews suggested
that risks analysis demand critical and deep research to make sure they are able to introduce effective security counter measure. Our research focused on
critical information infrastructure such as Healthcare, Power System and Manufacturing. One of the study, we applied empirical study to categorize threats
and calculate risks for Healthcare system. In addition to that we developed tool using Machine Learning to explore various type of risks categories using the
same dataset. In other cases our research explored information requirements needed for SME based company in implementing risk analysis and comply with
standard. With the same objectives i.e., to introduce effective security counter measure, we explored different methods for analyzing risks, vulnerabilities and
threats using survival analysis. We further explored those parameters at critical sectors such as Oil& GAS and Manufacturing. For this, terms used are slightly
different yet aim/intention/ motive almost similar. The research finding explored Cyber Terrorism and its impact to critical system. Our come concluded that
Cyberterrorism required advanced technology for protection. The protection system should incorporated latest technology, expert, and systematic process. Our
proposed safeguards for cyber terrorism activities comply with international standard ISO 27100. Complexity in performing risks analysis is due to various type
of data i.e., either qualitative or quantitative or both. Most of risk analysis tools in the market only allow single type of data to be analysed. Therefore, in order to
facilitate this issue we explored and introduced techniques that allow both type of data to be treated as one. As a conclusion from the 18 years research in Risks,
Vulnerabilities and Threats Analysis in Information Security involved with various type of platform, software, hardware, middleware and Cyber Physical System.
Those technologies rapidly growth and backbone for Industry Revolution 5.0.
Compartilhe este artigo