Science topic

Vulnerability Analysis - Science topic

Explore the latest questions and answers in Vulnerability Analysis, and find Vulnerability Analysis experts.
Questions related to Vulnerability Analysis
  • asked a question related to Vulnerability Analysis
Question
5 answers
Can electricity consumption (KWh) be used as an indicator or proxy variable for drought vulnerability assessment? What is the relationship between electricity consumption and drought vulnerability?
Relevant answer
Answer
We have worked on the technological package of crops (including electrical consumption) in these manuscripts that can serve you:
  • asked a question related to Vulnerability Analysis
Question
9 answers
I am a Master's Student who specialized in development economics (especially rural development), now I am eager to publish my thesis in an academic journal. The topic is about determinants of vulnerability and roles of livelihood assets, so at this time, I would like to ask what kind of journal (paper) is more suitable? if possible, I would like to publish a high rank in terms of impact factors. thank you in advance.
Relevant answer
  • asked a question related to Vulnerability Analysis
Question
10 answers
Hello!
I’m Jonathan, an MSc student studying Cyber Security at Edge Hill University. As part of my project thesis, I’m conducting a short questionnaire on small and medium enterprise cyber security and, in particular, the opinions of professional individuals on the topic of vulnerability assessment and penetration testing as a way of securing IT infrastructure. The survey also details some features of the project, including the active design and development of an autonomous VAPT tool for SMEs.
Your help on providing answers and opinions is greatly appreciated and will deliver a fundamental basis for my research. Permission is also granted if you wish to notify others that may be interested in the project.
If you wish to contribute, you can do so using this link: https://vaptian.com/go/survey. The survey is hosted by Qualtrics.
The survey is entirely optional, and all data collected is anonymous. You can terminate your participation at any time for any reason.
Thank you in advance.
Relevant answer
Answer
Dr. MOHAMMAD FAISAL currently working at the department of computer science and IT, University of Malakand Pakistan, received his M.S. degree in information security management from SZABIST, Pakistan, in 2012, and the Ph.D. degree in network security from the Department of Computer Science and Information Technology, University of Malakand in 2018. His research interests include ML and security of wireless ad hoc networks MANETs, VANETs, IoT, Cloud, Fog, Edge, Blockchain and digital forensics.
  • asked a question related to Vulnerability Analysis
Question
3 answers
I wanted to do a Principal Component Analysis to reduce the number of variables used in the vulnerability analysis. Before running the PCA, it's necessary to standardize the variables collected in nominal (Yes/No) and in ordinal (rank). How can I do that? Any suggestion will be appreciated.
Relevant answer
Answer
Hello Husen,
Standardizing typically means adjusting scores to have a specific distributional characteristic. This could include: (a) fixing the range (e.g., to fall between 0,1); (b) fixing the mean or median to some constant value; (c) fixing the variance or spread to some constant value; (d) some combination (as in the case of z-scores, which fix the values to have a mean of 0 and variance or SD of 1).
Normalizing has multiple meanings, which could include making the shape of a score distribution match that of a normal (Gaussian) distribution, transforming the values so that the sum of squared values = 1 (vector arithmetic), and others. In general, you'll never get a categorical variable to have a normal distribution.
For dichotomous variables, just code them as 0,1 (or 1,2). Any linear transformation of these values (e.g., to z-scores) will not change either the shape of the distribution or the correlation of scores on that variable with those of any other variable. For PCA based on correlations, rescaling via linear transforms will not impact the resultant structure or solution. For PCA based on covariances, yes, variables having larger variances will have larger initial communality estimates and other parts of the solution will differ. The fix for that is simple: Use correlation-based PCA (which automatically standardizes all variables).
For categorical variables with more than two levels, you'll have to re-express those as a set of k - 1 dummy variates (or similar), for a variable with k levels. So, there's really no standardizing that would make much sense for these for the same reason as that of a dichotomous variable.
Good luck with your work.
  • asked a question related to Vulnerability Analysis
Question
44 answers
We're working on vulnerability studies of electric power systems and we found in some papers that the MATCASC software can be used in those studies. But we can't find where to download it.
Relevant answer
Answer
MATCASC is an open source MATLAB based tool to analyse cascading failures in power grids.
Regards
  • asked a question related to Vulnerability Analysis
Question
6 answers
1- I plan to do the vulnerability analysis of a pipleline subjected to debris flow. Apparently, I am unable to find research articles in this area. Please help me in finding some research articles in this area.
2- Can you please direct me towards some latest methods used for this vulnerability analsysIs?
3- How can I validate this vulnerability analysis?
I am a newbee in research and will appreciate any help in this regard.
Relevant answer
Answer
The following articles will give you an idea on vulnerability analysis of Debris flow and its validation
DOI: 10.5194/nhess-13-869-2013
  • asked a question related to Vulnerability Analysis
Question
11 answers
What reference studies (Book, Article, Tesis etc) you know used ER Method was applied using the Vertical Electrical Survey (SEV) technique (Wenner-Schlumberger, dipole-dipole arrays) for definition of intrinsic vulnerability index to water contamination underground?
Are there any studies that have used this method to set parameters for analyzing groundwater vulnerability to contamination por geoelectric layers?
  • asked a question related to Vulnerability Analysis
Question
4 answers
I'm learning about IT Security, mainly looking into the offensive side (PenTesting/Red Teaming).
I've been looking into PenTesting and some professional guidelines like these:
I've also seen some YouTube videos talking about what PenTesters do generally. However, I'd like to see some engagements (real or simulated) show what real PenTesting jobs are like and for all the main steps of the process. (like the ones listed in the links)
Is there somewhere I can read or watch about realistic PenTesting/Red Teaming engagements with details about each main step of the process?
Relevant answer
Answer
Hello, John Zhau
Usually the pentesters follow up the certain methodology (Framework), step by step test product and reflect results of the testing by creating mindmap. Summarized results of the testing are displayed after in the report for the customers.
The Penetration testing framework is here http://www.vulnerabilityassessment.co.uk/ . It provides very comprehensive hands-on penetration testing guide. It also lists the testing tools in each testing category. On the right side you can find Report template.
Examples of mindmapping are below or just google "mindmap for pentesters". In mindmap display both successful and failed test results.
  • asked a question related to Vulnerability Analysis
Question
13 answers
Dear Researchers!
It is known that methods such as: GOD (Foster) and DRASTIC (Aller et al) and others are widely used. But are there new methods developed to evaluate the intrinsic vulnerability of the physical environment to loads or pollutants? and with easy application (accessible parameters)?
Relevant answer
Answer
There is no method that can fit every case of study. DRASTIC request several factors that are not available in many countries; the spatial resolution of data is another problem. GOD is made for aquifers that have a large extension; it is not the best solution for small aquifers or where lateral and vertical lithological variations are frequent. SINTACS is the italian little brother of DRASTIS; it has thus the same shortcomings. AVI is based on permeability which is generally not available or the measurement points are poorly distributed...
Since geophysical data are mostly available or surveys could be done, we suggest a geophysical method for countries where data are lacking.
Please check this recent paper:
Regards
  • asked a question related to Vulnerability Analysis
Question
4 answers
I need to define a topic,It should not be so extensive to be able to cover in a good way.My idea is to make a security comparison between two IoT technologies,however i feel the topic stills too much extensive
Relevant answer
Answer
Try to look on security in communication protocols, LoRa and NB-IoT. These two protocols are widely used, so take a look at there security management. Security is so important especially when sending important data
  • asked a question related to Vulnerability Analysis
Question
3 answers
When we want to write a paper about Social vulnerability index, climate vulnerability index etc. we have to calculate index score first. But after that for finding out weighted index score we have to multiply the index score with the variables domain standard score like Demographic (25).
Now my question is where can i get all the variables list and domains weighted value for each vulnerability index?
Relevant answer
Answer
Dear Hasanuzzaman,
As salamu alaikum. You can read our paper for getting idea about vulnerability assessment by using IPCC framework.
Best wishes,
Sarker
  • asked a question related to Vulnerability Analysis
Question
3 answers
I have 10 nodes in my network. I calculated the size of the largest component in my network, using the below formula:
Size of the largest component (when node 1 is deleted) = Number of nodes in the largest component, after node 1 is deleted/ Number of nodes in the largest component
Size of largest component, node 1 is deleted = 0.53
Size of largest component, node 2 is deleted = 0.85
Size of largest component, node 3 is deleted = 0.88
Size of largest component, node 4 is deleted = 0.94
Size of largest component, node 5 is deleted = 0.94
Size of largest component, node 6 is deleted = 0.94
Size of largest component, node 7 is deleted = 0.94
When I want to calculate robustness, do I have to average of all the above values?
Thank you
Priya
Relevant answer
@Joseph Isabona. I have 10 nodes. Can I also calculate robustness, by calculating the size of largest component for few interested nodes and divide by the total number of nodes in the original network? Is it a right way to calculate robustness?
  • asked a question related to Vulnerability Analysis
Question
3 answers
I am conducting a research on flood vulnerability and i want to know if the PAR model is the best or there is a more recent one now thanks.
Relevant answer
Answer
I believe the PAR model is the best we have now. It is not flawless though. But you can use it to identify social constructs in DRR.
  • asked a question related to Vulnerability Analysis
Question
6 answers
I am doing research involving implementation of a security framework which can analyse 6LoWPAN (Network Layer in Internet of Things) and CoAP (Application Layer in Internet of things) for security weaknesses.
I have been able to find names of a few software like OMNET++, NS3, NS2 for network simulation, but I have no idea on how to simulate attacks on them. I also have Nessi2 which can simulate agent based security analysis, but I am not sure if I will be able to implement IOT layer security testing framework on it.
Any heads up on where to start and what to do next will be very helpful.
Relevant answer
Answer
You could also try NetSim - it has support for COAP protocol along with specialized frameworks for setting up attacks in IOT networks. You could look at https://tetcos.com/file-exchange.html for more information
  • asked a question related to Vulnerability Analysis
Question
4 answers
I am working on environmental babaseline studies on a soil creep environment in Nigeria. I am dividing the work into 3
1- Geotechnical analysis of the soil
2-- Application of hazard and vulnerability analysis on this hazards prone area
3- The environmental and socioeconomic impacts on the residents
Please I need scientific directions on how to go about it.
Thanks
Relevant answer
Answer
Hi Johnson, this paper on research gate would provide some underpins to your research. https://www.researchgate.net/.../230504947_Soil_creep_Problems_raised_by_a_23_year...
  • asked a question related to Vulnerability Analysis
  • asked a question related to Vulnerability Analysis
Question
7 answers
Vulnerability analysis
Relevant answer
Answer
I deal with the same point! Using ArcGIS ... which variables you will use
  • asked a question related to Vulnerability Analysis
Question
11 answers
Working on a current project, I was wondering if there were a large difference between the effect of (meteorological) droughts in mountain and plain regions. I am particularly interested here in possible negative effects on local farming and pastoralist production systems. 
Any help on this point will be highly appreciated. 
Relevant answer
Answer
I have found in my own research in Tanzania that often mountain ecosystems can help people cope with drought easier because of the different microclimates around the mountains.  For example, while there may not be pasture in the lower dryland areas during drought, the higher elevations may still provide some pasture for livestock.
  • asked a question related to Vulnerability Analysis
Question
7 answers
can anyone suggest me the best method for assessing coastal vulnerability to climate change? Is there any standard protocol to fix the vulnerability index?
Relevant answer
Answer
Thank you v.much Dr.Annes and Dr.Rajiv Pandey for providing your valuable comments and suggestions.
  • asked a question related to Vulnerability Analysis
Question
8 answers
please mention the tools used and also how vulnerable a community is.
Relevant answer
Answer
Brownly, 
I believe you need to define multiple parameters before you choose the proper tool to asses communities' post-disaster vulnerability.
First, which dimension are you looking at; physical infrastructure, social, economic, or environmental? All of the three dimensions are impacted by disasters, and in fact amplify the disaster impact on the community. 
Moreover, you should also determine if you are looking for vulnerability due to exposure to risk (proximity to hazards) or due to internal/inherent properties of the community. Even though some vulnerability assessment tools account for both in the same model (Environmental Vulnerability Index), I believe it is crucial to define your need. Exposure to risk vulnerability assessment is mostly beneficial for choosing where to rebuild. While inherent vulnerability helps in determining factors that needs to be enhanced to decrease future vulnerability to hazards. 
Furthermore, the level of analysis. Most tools focus on aggregated vulnerability assessment; countries and cities (Economic Resilience Index for OCED countries). However, there are tools that can calculate and assess vulnerability on the block level (Social Vulnerability Index by Cutter et. al 2003). 
Below are a list of some of the tools that I would recommend for such assessment: 
Environmental:
  1. Environmental Vulnerability Index - http://www.vulnerabilityindex.net/  community level assessment for exposure and inherent vulnerability to hazards. 
  2. Environmental Sustainability Index - http://sedac.ciesin.columbia.edu/data/collection/esi/  a more large scale assessment of communities' sustainability and resilience.
Social: 
  1. Social Vulnerability Index - http://webra.cas.sc.edu/hvri/products/sovi.aspx a community level vulnerability assessment to environmental hazards
  2. Disaster Resilience of place (DROP) - http://lbrr.covalentwords.com/assets/docs/33.pdf  a framework for enhancing community resilience to hazards.
Economic: 
  1. Economic Resilience Index - http://www.oecd.org/economy/growth/economic-resilience.htm a large scale resilience assessment for economic shocks (both natural and man made)
  2. Economic Resilience to Disaster (Rose 2007; 2009) - http://www.sciencedirect.com/science/article/pii/S1747789107000555 an industry level resilience assessment to disaster. 
  • asked a question related to Vulnerability Analysis
Question
23 answers
Dear colleagues,
We know, everywhere and in everything the hazard exists without us, as a potential threat to all environmental and socio-economic components, in particular to humans and their welfare plus the vulnerability, immediately brings the negative consequences, exposure and susceptibility to losses cause the risk probability of hazard occurrence and in the end have the disaster, which makes the realization of a risk.
What is the ratio between hazard and risk when the vulnerability is at very low, low, modrate and high levels?
Thank you very much for opinion in advance!
Regards,
Relevant answer
Answer
If the word danger refers to threat, the equation that relates the threat, risk and vulnerability is:
R = T * V
-R = risk index
-T = threat index
-V = vulnerability index
Therefore, if the vulnerability is very low, the risk will be very low (if the vulnerability or threat is 0 the risk will be 0). If the vulnerability or threat is high, the risk is also high. If the vulnerability is low, and the threat is high or vice versa, the risk will be high or low depending on what values have the threat and vulnerability.
The equation of the disaster is: 
Disaster = threat * vulnerability / social preparation
  • asked a question related to Vulnerability Analysis
Question
6 answers
 sir/ madam i m working as a researcher on the topic  “Assessment of Livestock Owners - Wildlife Conflict in the Vicinity of National Park”.
 I want to develop a index on livelihood vulnerability index, if any one have knowledge regarding this ,please share with me.
  • asked a question related to Vulnerability Analysis
Question
10 answers
 Identifying assets is the primary, and most critical step in threat modeling, because assets are essentially threat targets. 
So, How we could determine that the list of assets is complete and be sure that we have not overlooked relevant assets? 
Relevant answer
Answer
In addition to the above great feedbacks, you should also take in consideration all dependencies(1st, 2nd, etc... Order Levels) that each asset leverages and how many assets may share common dependencies. 
  • asked a question related to Vulnerability Analysis
Question
17 answers
I am interested in:
  • synthesis of evidence for the elements that make up the model
  • research on the introduction of S-V as a form of psychoeducation
  • development of multimedia methods of explaining the model
  • patient outcomes as a result of being exposed to S-V psychoeducation 
I have found the patient acceptability for the model to be very high, but I foresee problems in being able to demonstrate patient outcomes - other than knowledge acquisition.
Thanks in advance,
Richard.
Relevant answer
Answer
Many are now calling it resilience research used in different context - veterans health, mass disasters, children and women's health i nthe context of early trauma, aging, HIV, etc
  • asked a question related to Vulnerability Analysis
Question
1 answer
I have been studying vulnerability discovery models (VDMs) for a time. Most VDMs are focusing on predicting the number of vulnerabilities of a software. But I am  focusing on predicting the location of vulnerabilities. A software is composed of several modules. By learning the vulnerability history of a software, it is possible to build a model that can predict the location where the next vulnerability will occur, or predict the probabilities for each module that the next vulnerability will occur.
Therefore, I am searching for a vulnerability data set that not only contains the vulnerability's ID and its occurrence time, but also the location where it occurs. Vulnerability databases such as NVD contains the description of vulnerabilites. It is possible to confirm the location of each vulnerability. But that is a labrious work since so many pieces of vulnerability should be processed. Therefore, I am looking for such an avaiable data set? Do you have any information or suggestions?
Relevant answer
Answer
What you are looking for is very specific to a particular product . There is no way but to build it . You could identify an open source project like Firefox, OpenSSL, Linux Kernel etc for which the bugs (and vulnerabilities) are tracked publicly on their bug tracking systems. So you can pull the locations and build models around that. It is very specific to the project and may not be generic. 
We did similar work some time back not specifically on vulnerabilities but bugs in general , feel free to check out here . https://ece.uwaterloo.ca/~lintan/publications/imbalanced-icse15.pdf
Check this interesting paper in similar lines
  • asked a question related to Vulnerability Analysis
Question
8 answers
I prepared physical and social vulnerability maps of Seoul and Busan megacities. But I could not find the methods to validate those maps.
Relevant answer
Answer
I do not work with social modelling, but I would use old data and analyse them against the predictor variables (environmental and others). And based on this statistic I would create a predictive models and then used a second old dataset to validate, or rather evaluate, the predictive model. But that requires that the data used for happening is within the range of the data used for creating the model, if not you can not trust the predictive model if you  do not fully trust the interpolation that is made.
  • asked a question related to Vulnerability Analysis
Question
8 answers
I want to develop a framework to assess regional vulnerability taking into consideration climate change impacts to natural resources.
Relevant answer
Answer
Hi Asimina
In case you are interested in the vulnerability of communities which highly depend on natural resources, I can recommend the following two documents:
  • asked a question related to Vulnerability Analysis
Question
6 answers
1) I would like to know various mathematical and statistical methods used to check the accuracy of vulnerability maps generated by groundwater vulnerability assessment models such as DRASTIC, GOD, AVI and so on
2) How to validate the geospatial maps generated by vulnerability assessment models?
Kindly let me if there is any relevant paper for this purpose.
Also, is the physical investigation only option to validate the theoretical results obtained by vulnerability assessment models?
Relevant answer
Answer
Hi
Take a look to my paper entitled: ''Modelling nonpoint source pollution by nitrate of soil in the Mateur plain, northeast of Tunisia". 
  • asked a question related to Vulnerability Analysis
Question
17 answers
Usually an Internet search would return billions of results when the following keywords are looked up, 'disaster statistics' or 'natural hazard statistics'. Further exploration reveals official and unofficial numbers. To complicate matters there are various news reports which  furnish unverified  figures. Although I believe it may not be that easy to come to a consensus on putting a numerical figure on the losses but still where does one look for the right sources.
Having said that, I would appreciate if I can get some help in identifying the legitimate sources. It doesn't matter if it is at the International, national, regional or even local level.
Relevant answer
There are no reliable data about disasters, as all sources have both (avoidable and unavoidable) technical problems, scope, and not least self interest in manipulating the information (political, financial or otherwise). In addition, you have serious problem of aggregation across events, countries and over time when, especially but not only, using panel data. As long as you are aware of these deep failures, you can entertain some loose thought experiments. But my recommendation would be that you should be extremely careful from reading, let alone interpreting, too much from available data. Have a look at my 2013 book (Routledge) “Disasters and the Networked Economy” (especially Chapter 1: The Problem with Quantitative Studies).
  • asked a question related to Vulnerability Analysis
Question
23 answers
In recent years, the term resilience has gained importance in the literature on climate change replacing the concept of vulnerability which, for several decades, allowed to reveal the social origin of disasters but, How can the participation of society can be addressed in each of them? Or are they just antonyms?
En los últimos años, el término resiliencia ha cobrado importancia en la literatura sobre cambio climático, reemplazando al concepto de vulnerabilidad el cual, desde hace algunas décadas permitió revelar el origen social de los desastres, pero ¿cómo se puede abordar la participación de la sociedad en cada uno de ellos? O ¿simplemente son antónimos?
Relevant answer
Answer
I agree with Fabiola. Resilience and vulnerability are not opposites. One can be vulnerability yet resilient at the same time. For example it's well known that social cohesion in informal settlements are much higher than in well off areas. This cohesion contributes greatly to resilience. In the same vain someone which we might perceive to be not vulnerable at all (e.g. rich urban dwellers) might not be able to cope at all if they are faced by a significant event (i.e. losing everything). Although I am not an ecologist I also believe we should be looking at socio-ecological resilience because these two domains are so inextricably linked. Resilience is thus not only a human attribute but rather a collective characteristic. Some interesting reading on the subject:
 Frerks, G., Warner, J., & Weijs, B. 2011. The politics of vulnerability and resilience. Ambiente & Sociedade. SciELO Brasil. 14(2):105–122.
Cannon, T. & Müller-Mahn, D. 2010. Vulnerability, resilience and development discourses in context of climate change. Nat Hazards. 55(3):621–635.
Folke, C., Carpenter, S.R., Walker, B., Scheffer, M., Chapin, T., & Rockström, J. 2010. Resilience thinking: integrating resilience, adaptability and transformability. E&S. HarperCollins Publishers. 15(4):20.
O'Brien, G., O'Keefe, P., Rose, J., & Wisner, B. 2006. Climate change and disaster management. Disasters. Blackwell Science Ltd. 30(1):64–80.
Klein, R.J.T., Nicholls, R.J., & Thomalla, F. 2003. Resilience to natural hazards: How useful is this concept? Environmental Hazards. 5(1):35–45.
Keck, M. & Sakdapolrak, P. 2013. What is social resilience? Lessons learned and ways forward. Erdkunde. 67(1):5–19.
  • asked a question related to Vulnerability Analysis
Question
21 answers
Penetration testing is a very difficult and complex task in network security testing. How can we automate this process? Which tools or demo and test versions are available?
Relevant answer
Answer
Penetration testing tools are used to automate several tasks in order to improve testing performance and identify those security issues, which are harder to discover with manual testing analysis approaches. There are two general types of penetration testing tools: static and dynamic analysis. These both kind of tools are used with veracode to determine security susceptibilities. In addition, veracode’s binary scanning methodology is more accurate and result oriented that controls the false positive. The veracode can help small to large types of organization for handling the security risk. The penetration testing should be set in such a way to control the weak and vulnerable points of environment within the organization. The goal of incorporating penetration testing is the only way to secure the cyber-attacks and hacking.
So, the appropriate option is to make suitable change with Firewall and incorporate the penetration test features that can automate the testing process for security enhancement. The second option for automation of penetration testing is to employ with intrusion detection system (IDS) for handling the false positive. But I think Veracode-Platform does this function automatically.
  • asked a question related to Vulnerability Analysis
Question
6 answers
Assessment of human exposure is widely considered the starting point for social vulnerability mapping. Despite increasing efforts in building exposure databases even on global scale, there are still no commonly accepted definitions..
Relevant answer
Answer
Ok, I agree with Mr Holand's answer; however the answer to the question becomes more tricky if we are concerned with technological hazards (probably as Na-tech hazard. In this case exposure is not only a geographical property and there can be a confusion between exposure and vulnerability. Think for instance a young driver who is obsessed with high speeds and driving dangerously. He is of course exposed to a high probability of a car accident, i.e. exposed to a specific case of technical hazard. However, the factors of his exposure are intermingled with those of his vulnerability (he is in a sense an unconscious driver, susceptible to car accidents.