Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory. (December 2018)
- Record Type:
- Journal Article
- Title:
- Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory. (December 2018)
- Main Title:
- Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory
- Authors:
- Henriques de Gusmão, Ana Paula
Mendonça Silva, Maisa
Poleto, Thiago
Camara e Silva, Lúcio
Cabral Seixas Costa, Ana Paula - Abstract:
- Highlights: A model to evaluate cybersecurity risk of particular applications is proposed. Fault Tree Analysis, Decision Theory and Fuzzy Theory comprise the model. An illustrative example was applied to a website, e-commerce and enterprise resource planning (ERP). Results demonstrate that e-commerce may be more vulnerable to cybersecurity attacks. Abstract: Cybersecurity, which is defined as information security aimed at averting cyberattacks, which are among the main issues caused by the extensive use of networks in industrial control systems. This paper proposes a model that integrates fault tree analysis, decision theory and fuzzy theory to (i) ascertain the current causes of cyberattack prevention failures and (ii) determine the vulnerability of a given cybersecurity system. The model was applied to evaluate the cybersecurity risks involved in attacking a website, e-commerce and enterprise resource planning (ERP), and to assess the possible consequences of such attacks; we evaluate these consequences, which include data dissemination, data modification, data loss or destruction and service interruption, in terms of criteria related to financial losses and time for restoration. The results of the model application demonstrate its usefulness and illustrate the increased vulnerability of e-commerce to cybersecurity attacks, relative to websites or ERP, due partly to frequent operator access, credit transactions and users' authentication problems characteristic ofHighlights: A model to evaluate cybersecurity risk of particular applications is proposed. Fault Tree Analysis, Decision Theory and Fuzzy Theory comprise the model. An illustrative example was applied to a website, e-commerce and enterprise resource planning (ERP). Results demonstrate that e-commerce may be more vulnerable to cybersecurity attacks. Abstract: Cybersecurity, which is defined as information security aimed at averting cyberattacks, which are among the main issues caused by the extensive use of networks in industrial control systems. This paper proposes a model that integrates fault tree analysis, decision theory and fuzzy theory to (i) ascertain the current causes of cyberattack prevention failures and (ii) determine the vulnerability of a given cybersecurity system. The model was applied to evaluate the cybersecurity risks involved in attacking a website, e-commerce and enterprise resource planning (ERP), and to assess the possible consequences of such attacks; we evaluate these consequences, which include data dissemination, data modification, data loss or destruction and service interruption, in terms of criteria related to financial losses and time for restoration. The results of the model application demonstrate its usefulness and illustrate the increased vulnerability of e-commerce to cybersecurity attacks, relative to websites or ERP, due partly to frequent operator access, credit transactions and users' authentication problems characteristic of e-commerce. … (more)
- Is Part Of:
- International journal of information management. Volume 43(2018)
- Journal:
- International journal of information management
- Issue:
- Volume 43(2018)
- Issue Display:
- Volume 43, Issue 2018 (2018)
- Year:
- 2018
- Volume:
- 43
- Issue:
- 2018
- Issue Sort Value:
- 2018-0043-2018-0000
- Page Start:
- 248
- Page End:
- 260
- Publication Date:
- 2018-12
- Subjects:
- Cybersecurity -- Information security -- Risk analysis model -- Fuzzy decision theory -- Fault tree analysis
Social sciences -- Information services -- Periodicals
Social sciences -- Research -- Periodicals
Information science -- Periodicals
Management information systems -- Periodicals
Knowledge management -- Periodicals
Sciences sociales -- Documentation, Services de -- Périodiques
Sciences sociales -- Recherche -- Périodiques
Sciences de l'information -- Périodiques
Systèmes d'information de gestion -- Périodiques
Information science
Management information systems
Social sciences -- Information services
Social sciences -- Research
Periodicals
Electronic journals
025.52068 - Journal URLs:
- http://www.sciencedirect.com/science/journal/02684012 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.ijinfomgt.2018.08.008 ↗
- Languages:
- English
- ISSNs:
- 0268-4012
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4542.304900
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 11146.xml