Search results

This paper aims to design a vulnerability assessment model considering the multidimensional and systematic approach to disaster risk and vulnerability. This model serves to both risk mitigation and disaster preparedness phases of humanitarian logistics.

A survey of 27,218 households in Pueblo Rico and Dosquebradas was conducted to obtain information about disaster risk for landslides, floods and collapses. We adopted a cross entropy-based approach for the measure of disaster vulnerability (Kullback–Leibler divergence), and a maximum-entropy estimation for the reconstruction of risk a priori categorization (logistic regression). The capabilities approach of Sen supported theoretically our multidimensional assessment of disaster vulnerability.

Disaster vulnerability is shaped by economic, such as physical attributes of households, and health indicators, which are in specific morbidity indicators that seem to affect vulnerability outputs. Vulnerability is heterogeneous between communities/districts according to formal comparisons of Kullback–Leibler divergence. Nor social dimension, neither chronic illness indicators seem to shape vulnerability, at least for Pueblo Rico and Dosquebradas.

The results need a qualitative or case study validation at the community/district level.

We discuss how risk mitigation policies and disaster preparedness strategies can be driven by empirical results. For example, the type of stock to preposition can vary according to the disaster or the kind of alternative policies that can be formulated on the basis of the strong relationship between morbidity and disaster risk.

Entropy-based metrics are not widely used in humanitarian logistics literature, as well as empirical data-driven techniques.

The purpose of this paper was to develop an integrated framework for assessing the flood risk and climate adaptation capacity of an urban area and its critical infrastructures to help address flood risk management issues and identify climate adaptation strategies.

Using the January 2011 flood in the core suburbs of Brisbane City, Queensland, Australia, various spatial analytical tools (i.e. digital elevation modeling and urban morphological characterization with 3D analysis, spatial analysis with fuzzy logic, proximity analysis, line statistics, quadrat analysis, collect events analysis, spatial autocorrelation techniques with global Moran’s I and local Moran’s I, inverse distance weight method, and hot spot analysis) were implemented to transform and standardize hazard, vulnerability, and exposure indicating variables. The issue on the sufficiency of indicating variables was addressed using the topological cluster analysis of a two-dimension self-organizing neural network (SONN) structured with 100 neurons and trained by 200 epochs. Furthermore, the suitability of flood risk modeling was addressed by aggregating the indicating variables with weighted overlay and modified fuzzy gamma overlay operations using the Bayesian joint conditional probability weights. Variable weights were assigned to address the limitations of normative (equal weights) and deductive (expert judgment) approaches. Applying geographic information system (GIS) and appropriate equations, the flood risk and climate adaptation capacity indices of the study area were calculated and corresponding maps were generated.

The analyses showed that on the average, 36 (approximately 813 ha) and 14 per cent (approximately 316 ha) of the study area were exposed to very high flood risk and low adaptation capacity, respectively. In total, 93 per cent of the study area revealed negative adaptation capacity metrics (i.e. minimum of −23 to <0), which implies that the socio-economic resources in the area are not enough to increase climate resilience of the urban community (i.e. Brisbane City) and its critical infrastructures.

While the framework in this study was obtained through a robust approach, the following are the research limitations and recommended for further examination: analyzing and incorporating the impacts of economic growth; population growth; technological advancement; climate and environmental disturbances; and climate change; and applying the framework in assessing the risks to natural environments such as in agricultural areas, forest protection and production areas, biodiversity conservation areas, natural heritage sites, watersheds or river basins, parks and recreation areas, coastal regions, etc.

This study provides a tool for high level analyses and identifies adaptation strategies to enable urban communities and critical infrastructure industries to better prepare and mitigate future flood events. The disaster risk reduction measures and climate adaptation strategies to increase urban community and critical infrastructure resilience were identified in this study. These include mitigation on areas of low flood risk or very high climate adaptation capacity; mitigation to preparedness on areas of moderate flood risk and high climate adaptation capacity; mitigation to response on areas of high flood risk and moderate climate adaptation capacity; and mitigation to recovery on areas of very high flood risk and low climate adaptation capacity. The implications of integrating disaster risk reduction and climate adaptation strategies were further examined.

The newly developed spatially explicit analytical technique, identified in this study as the Flood Risk-Adaptation Capacity Index-Adaptation Strategies (FRACIAS) Linkage/Integrated Model, allows the integration of flood risk and climate adaptation assessments which had been treated separately in the past. By applying the FRACIAS linkage/integrated model in the context of flood risk and climate adaptation capacity assessments, the authors established a framework for enhancing measures and adaptation strategies to increase urban community and critical infrastructure resilience to flood risk and climate-related events.

The aim of this study is o examine the advantages and disadvantages of different existing scoring systems in the cybersecurity domain and their applicability to the AEC industry and to systematically apply a scoring system to determine scores for some of the most significant construction participants.

This study proposes a methodology that uses the Common Vulnerability Scoring System (CVSS) to calculate scores and the likelihood of occurrence based on communication frequencies to ultimately determine risk categories for different paths in a construction network. As a proof of concept, the proposed methodology is implemented in a construction network from a real project found in the literature.

Results show that the proposed methodology could provide valuable information to assist project participants to assess the overall cybersecurity vulnerability of construction and assist during the vulnerability-management processes. For example, a project owner can use this information to get a better understanding of what to do to limit its vulnerability, which will lead to the overall improvement of the security of the construction network.

It has to be noted that the scoring systems, the scores and categories adopted in the study need not necessarily be an exact representation of all the construction participants or networks. Therefore, caution should be exercised to avoid generalizing the results of this study.

The proposed methodology can provide valuable information and assist project participants to assess the overall cyber-vulnerability of construction projects and support the vulnerability-management processes. For example, a project owner can use this approach to get a better understanding of what to do to limit its cyber-vulnerability exposure, which will ultimately lead to the overall improvement of the construction network's security. This study will also help raise more awareness about the cybersecurity implications of the digitalization and automation of the AEC industry among practitioners and construction researchers.

Given the amount of digitized services and tools used in the AEC industry, cybersecurity is increasingly becoming critical for society in general. In some cases, (e.g. critical infrastructure) incidents could have significant economic and societal or public safety implications. Therefore, proper consideration and action from the AEC research community and industry are needed.

To the authors' knowledge, this is the first attempt to measure and assess the cybersecurity of individual participants and the construction network as a whole by using the Common Vulnerability Scoring System.

The purpose of this paper is to develop and operationalize a process for prioritizing supply chain risks that is capable of capturing the value at risk (VaR), the maximum loss expected at a given confidence level for a specified timeframe associated with risks within a network setting.

The proposed “Worst Expected Best” method is theoretically grounded in the framework of Bayesian Belief Networks (BBNs), which is considered an effective technique for modeling interdependency across uncertain variables. An algorithm is developed to operationalize the proposed method, which is demonstrated using a simulation model.

Point estimate-based methods used for aggregating the network expected loss for a given supply chain risk network are unable to project the realistic risk exposure associated with a supply chain. The proposed method helps in establishing the expected network-wide loss for a given confidence level. The vulnerability and resilience-based risk prioritization schemes for the model considered in this paper have a very weak correlation.

This paper introduces a new “Worst Expected Best” method to the literature on supply chain risk management that helps in assessing the probabilistic network expected VaR for a given supply chain risk network. Further, new risk metrics are proposed to prioritize risks relative to a specific VaR that reflects the decision-maker's risk appetite.

The purpose of this paper is to examine the impact of affiliate marketing strategies as a tool for increasing customers' engagement and vulnerability over financial services. This is attempted by examining the connection between affiliate marketing factors and customers' brand engagement and vulnerability metrics.

The authors developed a three-staged methodological context, based on the 7 most known centralized payment network (CPN) firms' website analytical data, which begins with linear regression analysis, followed by hybrid modeling (agent-based and dynamic models), so as to simulate brand engagement and vulnerability factors' variation in a 180-day period. The deployed context ends by applying the cognitive modeling method of producing heatmaps and facial analysis of CPN websites to the selected 47 vulnerable website customers, for gathering more insights into their brand engagement.

Throughout the simulation results of the study, it becomes clear that a higher number of backlinks and referral domains tend to increase CPN firms' brand-engaged and vulnerable customers.

From the simulation modeling process, the implication for backlinks and referral domains as factors that enhance website customers' brand engagement and vulnerability has been highlighted. A higher number of brand-engaged website customers could mean that vulnerable categories of customers would be impacted by CPNs' affiliate marketing. Improving those customers' knowledge of the financial services utility is of utmost importance.

The outcomes of the research indicate that online banking service providers can increase their customers' engagement with their brands by adopting affiliate marketing techniques. To avoid the increase in customers' vulnerability, marketers should aim to apply affiliate marketing strategies to domains relevant to the provided financial services.

The paper's outcomes provide a new approach to the literature, where the website customer's brand engagement comes out as a valuable metric for estimating online banking sector customers' vulnerability.

The paper proposes looking at the automation of the incident response (IR) process, through formal, systematic and standardized methods for collection, normalization and correlation of security data (i.e. vulnerability, exploit and intrusion detection information).

The paper proposes the incident response intelligence system (IRIS) that models the context of discovered vulnerabilities, calculates their significance, finds and analyzes potential exploit code and defines the necessary intrusion detection signatures that combat possible attacks, using standardized techniques. It presents the IRIS architecture and operations, as well as the implementation issues.

The paper presents detailed evaluation results obtained from real‐world application scenarios, including a survey of the users' experience, to highlight IRIS contribution in the area of IR.

The paper introduces the IRIS, a system that provides detailed security information during the entire lifecycle of a security incident, facilitates decision support through the provision of possible attack and response paths, while deciding on the significance and magnitude of an attack with a standardized method.

The purpose of this study is to evaluate the impact of food access and other vulnerability measures on the COVID-19 progression to inform the public health decision-makers while setting priority rules for vaccine schedules.

In this paper, the authors used the Supplemental Nutrition Assistance Program (SNAP) data combined with the Centers for Disease Control and Prevention (CDC)’s social vulnerability score variables and diabetes and obesity prevalence in a set of models to assess the associations with the COVID-19 prevalence and case-fatality rates in the United States (US) counties. Using the case prevalence estimates provided by these models, the authors developed a COVID-19 vulnerability score. The COVID-19 vulnerability score prioritization is then compared with the pro-rata approach commonly used for vaccine distribution.

The study found that the population proportion residing in a food desert is positively correlated with the COVID-19 prevalence. Similarly, the population proportion registered to SNAP is positively correlated with the COVID-19 prevalence. The findings demonstrate that commonly used pro-rata vaccine allocation can overlook vulnerable communities, which can eventually create disease hot-spots.

The proposed methodology provides a rapid and effective vaccine prioritization scoring. However, this scoring can also be considered for other humanitarian programs such as food aid and rapid test distribution in response to the current and future pandemics.

Humanitarian logistics domain predominantly relies on equity measures, where each jurisdiction receives resources proportional to their population. This study provides a tool to rapidly identify and prioritize vulnerable communities while determining vaccination schedules.

Effective and efficient software security inspection is crucial as the existence of vulnerabilities represents severe risks to software users. The purpose of this paper is to empirically evaluate the potential application of Stochastic Gradient Boosting Trees (SGBT) as a novel model for enhanced prediction of vulnerable Web components compared to common, popular and recent machine learning models.

An empirical study was conducted where the SGBT and 16 other prediction models have been trained, optimized and cross validated using vulnerability data sets from multiple versions of two open-source Web applications written in PHP. The prediction performance of these models have been evaluated and compared based on accuracy, precision, recall and F-measure.

The results indicate that the SGBT models offer improved prediction over the other 16 models and thus are more effective and reliable in predicting vulnerable Web components.

This paper proposed a novel application of SGBT for enhanced prediction of vulnerable Web components and showed its effectiveness.

Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the use of software products by organisations. The purpose of this paper is to propose a novel G-RAM framework for business organisations to assess and mitigate risks arising out of software vulnerabilities.

The G-RAM risk assessment module uses GARCH to model vulnerability growth. Using 16-year data across 1999-2016 from the National Vulnerability Database, the authors estimate the model parameters and validate the prediction accuracy. Next, the G-RAM risk mitigation module designs optimal software portfolio using Markowitz’s mean-variance optimisation for a given IT budget and preference.

Based on an empirical analysis, this study establishes that vulnerability follows a non-linear, time-dependent, heteroskedastic growth pattern. Further, efficient software combinations are proposed that optimise correlated risk. The study also reports the empirical evidence of a shift in efficient frontier of software configurations with time.

Existing assumption of independent and identically distributed residuals after vulnerability function fitting is incorrect. This study applies GARCH technique to measure volatility clustering and mean reversal. The risk (or volatility) represented by the instantaneous variance is dependent on the immediately previous one, as well as on the unconditional variance of the entire vulnerability growth process.

The volatility-based estimation of vulnerability growth is a risk assessment mechanism. Next, the portfolio analysis acts as a risk mitigation activity. Results from this study can decide patch management cycle needed for each software – individual or group patching. G-RAM also ranks them into a 2×2 risk-return matrix to ensure that the correlated risk is diversified. Finally the paper helps the business firms to decide what to purchase and what to avoid.

Contrary to the existing techniques which either analyse with statistical distributions or linear econometric methods, this study establishes that vulnerability growth follows a non-linear, time-dependent, heteroskedastic pattern. The paper also links software risk assessment to IT governance and strategic business objectives. To the authors’ knowledge, this is the first study in IT security to examine and forecast volatility, and further design risk-optimal software portfolios.