Publications
2020
Kuzmina, Elena M.; Klochko, Oksana; Savina, Nataliia B.; Yaremko, Svetlana A.; Akselrod, Roman B.; Strauss, Christine
Risk analysis of the Company's activities by means of simulation Konferenzbeitrag
In: Pickl, Stefan Wolfgang; Lytvynenko, Volodymyr; Zharikova, Maryna; Sherstjuk, Volodymyr (Hrsg.): CITRisk 2020. Computational & Information Technologies for Risk-Informed Systems, S. 162–174, RWTH Aachen, 2020, (Publisher Copyright: Copyright textcopyright 2020 for this paper by its authors. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.; 1st International Workshop on Computational and Information Technologies for Risk-Informed Systems, CITRisk 2020 ; Conference date: 15-10-2020 Through 16-10-2020).
Abstract | BibTeX | Schlagwörter: Information technologies, Monte Carlo method, Probabilistic characteristics, Risks, Simulation
@inproceedings{379b349e6052444c8072300d27fd99f9,
title = {Risk analysis of the Company's activities by means of simulation},
author = {Elena M. Kuzmina and Oksana Klochko and Nataliia B. Savina and Svetlana A. Yaremko and Roman B. Akselrod and Christine Strauss},
editor = {Stefan Wolfgang Pickl and Volodymyr Lytvynenko and Maryna Zharikova and Volodymyr Sherstjuk},
year = {2020},
date = {2020-01-01},
booktitle = {CITRisk 2020. Computational & Information Technologies for Risk-Informed Systems},
volume = {2805},
pages = {162--174},
publisher = {RWTH Aachen},
series = {CEUR Workshop Proceedings},
abstract = {The use of simulation methods and modern information technologies increases competitiveness, management efficiency and eliminates possible risks in the company's activities. The use of the Monte-Carlo method is promising in simulation. The basis of the classical Monte-Carlo method is to obtain a large number of implementations of a random process, which is formed so that the probabilistic characteristics (mathematical expectations, probability of some events, probability of the trajectory in a certain area, etc.) are equal to the predetermined value of the problem. Construction of the model using this method should be based on the distribution of random variables in the studied process. The set of implementations can be used as some artificially obtained statistical material processed by methods of mathematical statistics. The author's development was the application in the classical Monte-Carlo method of generating samples of random variables with uniform and triangular distribution, as well as risk analysis of the company and forecasting for the future with greater probability using modern means of automating complex calculations based on high-level programming languages. The software implementation of the advanced Monte-Carlo method is performed using high-level object-oriented Python language tools that allow you to automate all stages of application of the Monte-Carlo method and store the results in a database. Strategic planning support tools based on computer simulation provide an opportunity to reflect complex nonlinear interactions in the business, assess the consequences of the implementation of various scenarios or predict further developments in the company.},
note = {Publisher Copyright: Copyright textcopyright 2020 for this paper by its authors. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.; 1st International Workshop on Computational and Information Technologies for Risk-Informed Systems, CITRisk 2020 ; Conference date: 15-10-2020 Through 16-10-2020},
keywords = {Information technologies, Monte Carlo method, Probabilistic characteristics, Risks, Simulation},
pubstate = {published},
tppubtype = {inproceedings}
}
The use of simulation methods and modern information technologies increases competitiveness, management efficiency and eliminates possible risks in the company's activities. The use of the Monte-Carlo method is promising in simulation. The basis of the classical Monte-Carlo method is to obtain a large number of implementations of a random process, which is formed so that the probabilistic characteristics (mathematical expectations, probability of some events, probability of the trajectory in a certain area, etc.) are equal to the predetermined value of the problem. Construction of the model using this method should be based on the distribution of random variables in the studied process. The set of implementations can be used as some artificially obtained statistical material processed by methods of mathematical statistics. The author's development was the application in the classical Monte-Carlo method of generating samples of random variables with uniform and triangular distribution, as well as risk analysis of the company and forecasting for the future with greater probability using modern means of automating complex calculations based on high-level programming languages. The software implementation of the advanced Monte-Carlo method is performed using high-level object-oriented Python language tools that allow you to automate all stages of application of the Monte-Carlo method and store the results in a database. Strategic planning support tools based on computer simulation provide an opportunity to reflect complex nonlinear interactions in the business, assess the consequences of the implementation of various scenarios or predict further developments in the company.
2012
Kiesling, Elmar; Strauß, Christine; Stummer, Christian
A multi-objective decision support framework for simulation-based security control selection Konferenzbeitrag
In: Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012, S. 454–462, 2012, ISBN: 9780769547756, (2012 7th International Conference on Availability, Reliability and Security, ARES 2012 ; Conference date: 20-08-2012 Through 24-08-2012).
Abstract | Links | BibTeX | Schlagwörter: computational modeling, Decision support systems, HBE, human factors, security and protection, Simulation, systems analysis and design
@inproceedings{49b09d127eb448ce9585535e5687f541,
title = {A multi-objective decision support framework for simulation-based security control selection},
author = {Elmar Kiesling and Christine Strauß and Christian Stummer},
doi = {10.1109/ARES.2012.70},
isbn = {9780769547756},
year = {2012},
date = {2012-11-26},
booktitle = {Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012},
pages = {454--462},
abstract = {In this paper, we report on our ongoing research on simulation-based information security risk assessment and multi-objective optimization of investment in security controls. We outline a methodological framework that accounts for characteristics of the organization, its information infrastructure, assets to be protected, the particular threat sources it faces, and the decision-makers' risk preferences. This framework comprises (i) ontological modeling of security knowledge, (ii) dynamic attack graph generation techniques, (iii) probabilistic simulation of attacks by goal-driven threat agents, (iv) meta-heuristic identification of efficient portfolios of information security controls, and (v) interactive decision support. These components facilitate novel techniques to infer possible routes of attacks and generate attack graphs based on attackers' motivation, objectives, capabilities, and available modes of entry and to use this inferred knowledge to simulate attacks on an organization's modeled infrastructure. The method supports decision makers evaluating potential security control investments in striking a balance between monetary and non-monetary criteria regarding risks, costs, and benefits. We are currently in the process of developing a prototypical implementation of the framework that will be used to evaluate the approach through application case studies.},
note = {2012 7th International Conference on Availability, Reliability and Security, ARES 2012 ; Conference date: 20-08-2012 Through 24-08-2012},
keywords = {computational modeling, Decision support systems, HBE, human factors, security and protection, Simulation, systems analysis and design},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper, we report on our ongoing research on simulation-based information security risk assessment and multi-objective optimization of investment in security controls. We outline a methodological framework that accounts for characteristics of the organization, its information infrastructure, assets to be protected, the particular threat sources it faces, and the decision-makers' risk preferences. This framework comprises (i) ontological modeling of security knowledge, (ii) dynamic attack graph generation techniques, (iii) probabilistic simulation of attacks by goal-driven threat agents, (iv) meta-heuristic identification of efficient portfolios of information security controls, and (v) interactive decision support. These components facilitate novel techniques to infer possible routes of attacks and generate attack graphs based on attackers' motivation, objectives, capabilities, and available modes of entry and to use this inferred knowledge to simulate attacks on an organization's modeled infrastructure. The method supports decision makers evaluating potential security control investments in striking a balance between monetary and non-monetary criteria regarding risks, costs, and benefits. We are currently in the process of developing a prototypical implementation of the framework that will be used to evaluate the approach through application case studies.
2000
Gutjahr, Walter; Strauss, Christine; Toth, Martin
Crashing of stochastic processes by sampling and optimisation Artikel
In: Business Process Management Journal: developing re-engineering towards integrated process management, Bd. 6, Nr. 1, S. 65–83, 2000, ISSN: 1463-7154.
Abstract | Links | BibTeX | Schlagwörter: BPR, Business Process Reengineering, business processes, Project management, Risk management, Sampling, Simulation
@article{6c6024112615471095d98c4b67d913a0,
title = {Crashing of stochastic processes by sampling and optimisation},
author = {Walter Gutjahr and Christine Strauss and Martin Toth},
doi = {10.1108/14637150010313357},
issn = {1463-7154},
year = {2000},
date = {2000-01-01},
journal = {Business Process Management Journal: developing re-engineering towards integrated process management},
volume = {6},
number = {1},
pages = {65--83},
abstract = {The application of advanced methods of process management is essential, especially in those fields in which activity durations can be determined only vaguely, while at the same time a highly competitive market enforces strict completion schedules through the implementation of penalties. The technique presented is most suitable for determining a time‐cost trade‐off based on practice‐relevant assumptions. Completion time overruns usually cause penalties whose size depends on the degree of the overruns. To avoid such penalties – or at least to keep any losses low – distinct processes may be crashed by one or several measures that decrease the activity duration. The risk of an overrun has to be weighed against the expected costs and benefits of certain crashing measures and their combinations. The technique presented is a new PERT‐based, hybridised approach using simulated annealing and importance sampling to support typical process re‐engineering, which focuses on the efficient allocation of extra resources in order to achieve a more reliable performance without changing the precedence‐successor‐structure.},
keywords = {BPR, Business Process Reengineering, business processes, Project management, Risk management, Sampling, Simulation},
pubstate = {published},
tppubtype = {article}
}
The application of advanced methods of process management is essential, especially in those fields in which activity durations can be determined only vaguely, while at the same time a highly competitive market enforces strict completion schedules through the implementation of penalties. The technique presented is most suitable for determining a time‐cost trade‐off based on practice‐relevant assumptions. Completion time overruns usually cause penalties whose size depends on the degree of the overruns. To avoid such penalties – or at least to keep any losses low – distinct processes may be crashed by one or several measures that decrease the activity duration. The risk of an overrun has to be weighed against the expected costs and benefits of certain crashing measures and their combinations. The technique presented is a new PERT‐based, hybridised approach using simulated annealing and importance sampling to support typical process re‐engineering, which focuses on the efficient allocation of extra resources in order to achieve a more reliable performance without changing the precedence‐successor‐structure.