Fuzzy Based Threat Analysis in Total Hospital Information System

This research develops a fuzzy-based threat analysis model in which linguistic variables, fuzzy numbers and the fuzzy weighted average are applied to deal with uncertainty when evaluating potential threats in a Total Hospital Information System (THIS) environment. In the fuzzification process, the Triangular Average Number technique, using two sets of membership functions, was applied to evaluate the "likelihood" and "consequence" of THIS threat variables upon a particular THIS asset. Each security threat level was then aggregated using the Efficient Fuzzy Weighted Average (EFWA) algorithm. Finally, the Best Fit Technique is used in the defuzzification process to translate a single fuzzy value into the linguistic term that indicates the overall security threat level impact on the THIS asset. To confirm the effectiveness of the adopted model, a prototype was developed and verified using the scenario method. The findings show that this model is capable of performing threat analysis with incomplete and uncertain information in the THIS environment.
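The three stages described above (triangular fuzzification, fuzzy weighted average, best-fit defuzzification) can be sketched as follows; this is an added example, not the paper's prototype. The five-term scale, the use of likelihood as rating and consequence as weight, the exhaustive split search (in place of the EFWA algorithm itself) and the alpha-cut distance used for best fit are all assumptions.

```python
# Added illustration: scale, sample data and the likelihood/consequence roles are assumptions.
TERMS = {  # triangular fuzzy numbers (a, b, c) on [0, 1]
    "very low": (0.0, 0.0, 0.25), "low": (0.0, 0.25, 0.5),
    "medium": (0.25, 0.5, 0.75), "high": (0.5, 0.75, 1.0),
    "very high": (0.75, 1.0, 1.0),
}
ALPHAS = [0.0, 0.25, 0.5, 0.75, 1.0]
SAMPLE = [("high", "very high"), ("low", "medium"), ("medium", "high")]  # constructed

def cut(tri, alpha):
    """Alpha-cut [lo, hi] of a triangular fuzzy number."""
    a, b, c = tri
    return a + alpha * (b - a), c - alpha * (c - b)

def bound(xs, w_first, w_rest, pick):
    """Extreme of sum(w*x)/sum(w): with ratings sorted ascending, the first k
    weights take w_first and the rest w_rest; every split k is tried."""
    order = sorted(range(len(xs)), key=lambda i: xs[i])
    values = []
    for k in range(len(xs) + 1):
        w = [w_first[i] if pos < k else w_rest[i] for pos, i in enumerate(order)]
        if sum(w) > 0:  # skip splits where every weight is zero
            values.append(sum(wi * xs[i] for wi, i in zip(w, order)) / sum(w))
    return pick(values)  # raises ValueError if all weights are zero

def fuzzy_weighted_average(ratings, weights):
    """Alpha-cut intervals of the weighted average of fuzzy ratings."""
    out = []
    for alpha in ALPHAS:
        x = [cut(r, alpha) for r in ratings]
        w = [cut(t, alpha) for t in weights]
        x_lo, x_hi = [p[0] for p in x], [p[1] for p in x]
        w_lo, w_hi = [p[0] for p in w], [p[1] for p in w]
        # lower bound: low ratings get heavy weights; upper bound: the reverse
        out.append((bound(x_lo, w_hi, w_lo, min), bound(x_hi, w_lo, w_hi, max)))
    return out

def best_fit(cuts):
    """Term whose alpha-cuts are nearest in squared Euclidean distance."""
    def dist(term):
        ref = [cut(TERMS[term], a) for a in ALPHAS]
        return sum((lo - rl) ** 2 + (hi - rh) ** 2 for (lo, hi), (rl, rh) in zip(cuts, ref))
    return min(TERMS, key=dist)

def threat_level(assessments):
    """assessments: (likelihood term, consequence term) per threat on one asset."""
    ratings, weights = zip(*[(TERMS[l], TERMS[c]) for l, c in assessments])
    return best_fit(fuzzy_weighted_average(ratings, weights))
```

`threat_level(SAMPLE)` aggregates the three constructed threat assessments into one linguistic level for the asset.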
