Information security risk analysis model using fuzzy decision theory. Issue 1 (February 2016)
- Record Type:
- Journal Article
- Title:
- Information security risk analysis model using fuzzy decision theory. Issue 1 (February 2016)
- Main Title:
- Information security risk analysis model using fuzzy decision theory
- Authors:
- de Gusmão, Ana Paula Henriques
e Silva, Lúcio Camara
Silva, Maisa Mendonça
Poleto, Thiago
Costa, Ana Paula Cabral Seixas - Abstract:
- Highlights: A risk analysis model for information security was proposed. The model is based on fuzzy decision theory. A taxonomy of events and scenarios using ETA methodology was developed. Alternatives can be ranked based on the criticality of the risk. The model provides information regarding the criticality causes of attacks. Results show that deliberate external database attack is the most risky alternative. Abstract: This paper proposes a risk analysis model for information security assessment, which identifies and evaluates the sequence of events – referred to as alternatives – in a potential accident scenario following the occurrence of an initiating event corresponding to abuses of Information Technology systems. In order to perform this evaluation, this work suggests the use of Event Tree Analysis combined with fuzzy decision theory. The contributions of the present proposal are: the development of a taxonomy of events and scenarios, the ranking of alternatives based on the criticality of the risk, considering financial losses, and finally, the provision of information regarding the causes of information system attacks of highest managerial relevance for organizations. We included an illustrative example regarding a data center aiming to illustrate the applicability of the proposed model. To assess its robustness, we analyzed twelve alternatives considering two different methods of setting probabilities of the occurrence of events. Results showed that deliberateHighlights: A risk analysis model for information security was proposed. The model is based on fuzzy decision theory. A taxonomy of events and scenarios using ETA methodology was developed. Alternatives can be ranked based on the criticality of the risk. The model provides information regarding the criticality causes of attacks. Results show that deliberate external database attack is the most risky alternative. Abstract: This paper proposes a risk analysis model for information security assessment, which identifies and evaluates the sequence of events – referred to as alternatives – in a potential accident scenario following the occurrence of an initiating event corresponding to abuses of Information Technology systems. In order to perform this evaluation, this work suggests the use of Event Tree Analysis combined with fuzzy decision theory. The contributions of the present proposal are: the development of a taxonomy of events and scenarios, the ranking of alternatives based on the criticality of the risk, considering financial losses, and finally, the provision of information regarding the causes of information system attacks of highest managerial relevance for organizations. We included an illustrative example regarding a data center aiming to illustrate the applicability of the proposed model. To assess its robustness, we analyzed twelve alternatives considering two different methods of setting probabilities of the occurrence of events. Results showed that deliberate external database services attack represent the most risky alternative. … (more)
- Is Part Of:
- International journal of information management. Volume 36:Issue 1(2016:Feb.)
- Journal:
- International journal of information management
- Issue:
- Volume 36:Issue 1(2016:Feb.)
- Issue Display:
- Volume 36, Issue 1 (2016)
- Year:
- 2016
- Volume:
- 36
- Issue:
- 1
- Issue Sort Value:
- 2016-0036-0001-0000
- Page Start:
- 25
- Page End:
- 34
- Publication Date:
- 2016-02
- Subjects:
- Information security -- Risk analysis -- Fuzzy decision theory
Social sciences -- Information services -- Periodicals
Social sciences -- Research -- Periodicals
Information science -- Periodicals
Management information systems -- Periodicals
Knowledge management -- Periodicals
Sciences sociales -- Documentation, Services de -- Périodiques
Sciences sociales -- Recherche -- Périodiques
Sciences de l'information -- Périodiques
Systèmes d'information de gestion -- Périodiques
Information science
Management information systems
Social sciences -- Information services
Social sciences -- Research
Periodicals
Electronic journals
025.52068 - Journal URLs:
- http://www.sciencedirect.com/science/journal/02684012 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.ijinfomgt.2015.09.003 ↗
- Languages:
- English
- ISSNs:
- 0268-4012
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4542.304900
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 23797.xml