A fuzzy decision model of risk assessment through fuzzy preference relations with users' confidence-interval

Risk assessment for security management is a complex process that involves substantial ambiguity. However, existing risk analysis techniques determine the solution from the probability distribution junction of threats and their impact losses. In practice, it is difficult for users to collect precise and adequate events to estimate the probability of threats and impact losses. Consequently, a fuzzy risk analysis model is developed to prioritize the risk ranking of assets. The proposed model uses the pseudo-order preference model (POPM) to represent the imprecise preference degree of the decision maker and determines the ranking of alternatives using the fuzzy majority concept. It extends traditional risk analysis to a fuzzy environment using fuzzy multiple-person decision making (MPDM) theory and POPM. Finally, a real case of risk assessment for the internet data center (IDC) is given to illustrate our approach.
