Cyber Security Risk Modeling in Distributed Information Systems

Round 1

Reviewer 1 Report

The subject of the article is interesting and corresponds to the goals and scope of the journal.

Here are my detailed comments:

1)    There are many grammar and typo errors in English for example:

-        Page 2 line 81 – Literarure should be corrected to Literature.

-       Page 8 line 335 - A necesary conditions should be corrected to- The necessary conditions.

2)    The literature survey is too long.

3)    The authors should compare their proposed method with other methods. What does it add to the subject area compared to other published material?

4)   Fig. 10. Fragment of the training dataset - This Figure must be edited.

5)   Page 11 - Equation (1) -  Give an explanation for the index -1,2,...,n

6)   Page 13 equation (4) must be corrected.

7)   Page 14 – "terminals, and other critical infrastructure listed in the table below". Fig. 9.  Or table 1?  

8)    Page 19 – "The effectiveness of the proposed solution is 80%, which demonstrates a high level of the accuracy of the model in the tasks of intelligent evaluation and classification." It is not clear to me how the authors state this conclusion. Please provide a calculation that supports this claim.

9)    The conclusion section is not at a satisfactory level. There is an insufficient reference to the contributions and uniqueness of the research and in addition, there is no reference to the limitations. the authors should provide a general interpretation of the rustles, the unique contributions of the paper, limitations of the research, managerial implications, and the impact that the paper might have on future research and on policy decisions.

 

10)   The authors must add updated articles with 3 to 5 references from the “Applied Sciences" journal.

Author Response

Answer in attachment

Author Response File: Author Response.docx

Reviewer 2 Report

This paper provides aggregate information on various risk assessment methodologies such as quantitative, qualitative, and hybrid methods, a comparison of their advantages and disadvantages, as well as analysis of the possibility of application in distributed information systems. Generally speaking, it is well written and easy to follow. However, I have some comments as follows.

1. In figure 2, the authors indicates key factors during measuring the level of cyber risks according to “The Marsh Microsoft 2019 Global Cyber Risk Perception Survey” (September 2019). Could they provide more up-to-date data?

2. For figure 3, Could the authors improve the clarity of the words?

3. Why do the authors choose the decision tree algorithm? What are the advantages and disadvantages of this method? Why do they think the decision tree as an appropriate method? How is the well-known neural network method?

4. For figure 11, I think it is unnecessary to display the code for the method.

5. The authors are also required to summarize the contributions of this paper.

6. The literature review should be improved by citing more relevant papers. Just list several as follows.

Sensing Data Supported Traffic Flow Prediction via Denoising Schemes and ANN: A Comparison. IEEE Sensors Journal 20(23): 14317-14328.

Exploring influence mechanism of bikesharing on the use of public transportation — a case of Shanghai, Transportation Letters, DOI: 10.1080/19427867.2022.2093287

Author Response

Answer in attachment

Author Response File: Author Response.docx

Reviewer 3 Report

this needs to be published asap, it is very timely.  Aligning the risk framework to ethics would have been good, as there is a need to include ethics in these frameworks.

Author Response

Answer in attachment

Author Response File: Author Response.docx

Round 2

Reviewer 2 Report

Dear authors, thank you for modifying the paper according to my comments. I think it can be published in the current form.