Strengthening information technology security through the failure modes and effects analysis approach-Reference-Cited by-同舟云学术

Strengthening information technology security through the failure modes and effects analysis approach

Published:2018-10-08 Issue:1 Volume:4 Page:
ISSN:2363-7021
Container-title:International Journal of Quality Innovation
language:en
Short-container-title:Int J Qual Innov

Author:

Asllani Arben^ORCID,Lari Alireza,Lari Nasim

Abstract

AbstractProper protection of information systems is a major quality issue of organizational risk management. Risk management is a process whereby risk factors are identified and then virtually eliminated. Failure modes and effects analysis (FMEA) is a risk management methodology for identifying system’s failure modes with their effects and causes. FMEA identifies potential weaknesses in the system. This approach allows companies to correct areas identified through the process before the system fails. In this paper, we identify several critical failure factors that may jeopardize the security of information systems. In doing this, we systematically identify, analyze, and document the possible failure modes and the possible effects of each failure on the system. The proposed cybersecurity FMEA (C-FMEA) process results in a detailed description of how failures influence the system’s performance and how they can be avoided. The applicability of the proposed C-FMEA is illustrated with an example from a regional airport.

Publisher

Springer Science and Business Media LLC

Subject

General Medicine

Link

https://link.springer.com/content/pdf/10.1186/s40887-018-0025-1.pdf

Reference39 articles.

1. Fortune;J Roberts,2017

2. NIST (2013) Security controls for federal information systems and organizations. (Special publication 800-53, revision 4). https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf, Accessed 29 Dec 2016, from National Institute of Standards and Technology

3. NIST (2002) Risk management guide for information technology systems (special publication 800-30). http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf, Accessed 29 Dec 2016, from National Institute of Standards and Technology

4. NIST (2006) Guide for developing security plans for federal information systems. (Special publication 800-18). https://csrc.nist.gov/publications/detail/sp/800-30/archive/2002-07-01, Accessed 21 Dec 2016, from National Institute of Standards and Technology

5. NIST (2011) Managing information security risk. (Special publication 800-39). http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf, Accessed 3 Jan 2017, from National Institute of Standards and Technology

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Sentinel Event Alert 67: Preserving Patient Safety After a Cyberattack;The Joint Commission Journal on Quality and Patient Safety;2023-12

2. Assessing Cyber Risk in Cyber-Physical Systems Using the ATT&CK Framework;ACM Transactions on Privacy and Security;2023-03-13

3. LPWAN Cyber Security Risk Analysis: Building a Secure IQRF Solution;Sensors;2023-02-12

4. Safety and Cybersecurity Assessment Techniques for Critical Industries: A Mapping Study;IEEE Access;2023

5. Comparison of Cybersecurity Methodologies for the Implementing of a Secure IoT Architecture;Advanced Sciences and Technologies for Security Applications;2023