Information Security Risk Assessment in Critical Infrastructure: A Hybrid MCDM Approach

The risk analysis has always been one of the essential procedures for any areas. The majority of security incidents occur because of ignoring risks or their inaccurate assessment. It is especially dangerous for critical infrastructures. Thus, the article is devoted to the description of the developed model of risk assessment for the essential infrastructures. The goal of the model is to provide a reliable method for multifaceted risk assessment of information infrastructure. The purpose of the article is to present a developed model based on integrated MCDM approaches that allow to correctly assess the risks of the critical information infrastructures.

[1]  Romualdas Ginevicius,et al.  A New Determining Method for the Criteria Weights in multicriteria Evaluation , 2011, Int. J. Inf. Technol. Decis. Mak..

[2]  S. French,et al.  25 years of MCDA in nuclear emergency management , 2013 .

[3]  Seyed Mojtaba Hosseini Bamakan,et al.  A Weighted Monte Carlo Simulation Approach to Risk Assessment of Information Security Management System , 2015, Int. J. Enterp. Inf. Syst..

[4]  Gintautas Dzemyda,et al.  Artificial Neural Network-Based Decision Support System for Development of an Energy-Efficient Built Environment , 2018 .

[5]  Jurgita Antucheviciene,et al.  An Extended Step-Wise Weight Assessment Ratio Analysis with Symmetric Interval Type-2 Fuzzy Sets for Determining the Subjective Weights of Criteria in Multi-Criteria Decision-Making Problems , 2018, Symmetry.

[6]  Jurgita Antucheviciene,et al.  HYBRID MULTIPLE CRITERIA DECISION MAKING METHODS: A REVIEW OF APPLICATIONS IN ENGINEERING , 2016 .

[7]  J. R. Taylor Automated HAZOP revisited , 2017 .

[8]  Wen-Ming Han,et al.  Discriminating risky software project using neural networks , 2015, Comput. Stand. Interfaces.

[9]  E. Zavadskas,et al.  Optimization of Weighted Aggregated Sum Product Assessment , 2012 .

[10]  Ben Gouldby,et al.  Adaptive Flood Risk Management Under Climate Change Uncertainty Using Real Options and Optimization , 2014, Risk analysis : an official publication of the Society for Risk Analysis.

[11]  James J. H. Liou,et al.  A novel multiple-criteria decision-making-based FMEA model for risk assessment , 2018, Appl. Soft Comput..

[12]  Gwo-Hshiung Tzeng,et al.  Risk Factor Assessment Improvement for China's Cloud Computing Auditing Using a New Hybrid MADM Model , 2017, Int. J. Inf. Technol. Decis. Mak..

[13]  Adiel Teixeira de Almeida,et al.  A review of the use of multicriteria and multi-objective models in maintenance and reliability , 2015 .

[14]  Francisco J. García-Peñalvo,et al.  An association rule mining method for estimating the impact of project management policies on software quality, development time and effort , 2008, Expert Syst. Appl..

[15]  Osvaldo Luiz Gonçalves Quelhas,et al.  Bow tie to improve risk management of natural gas pipelines , 2018 .

[16]  B. Boehm Software risk management: principles and practices , 1991, IEEE Software.

[17]  José Rui Figueira,et al.  A Multiple Criteria Decision Analysis Model Based on ELECTRE TRI-C for Erosion Risk Assessment in Agricultural Areas , 2014, Environmental Modeling & Assessment.

[18]  Ingrida GRABAUSKYTE,et al.  A Comparison of Decision Tree Induction with Binary Logistic Regression for the Prediction of the Risk of Cardiovascular Diseases in Adult Men , 2018, Informatica.

[19]  Zenonas Turskis,et al.  A Fuzzy Group Decision-making Model for Determining the Most Influential Persons in the Sustainable Prevention of Accidents in the Construction SMEs , 2019, Int. J. Comput. Commun. Control.

[20]  Anna Corinna Cagliano,et al.  Choosing project risk management techniques. A theoretical framework , 2015 .

[21]  Bertrand Galy,et al.  Fault tree analysis and risk mitigation strategies for mine hoists , 2018, Safety Science.

[22]  Jonas Siaulys,et al.  The Gerber-Shiu Discounted Penalty Function for the Bi-Seasonal Discrete Time Risk Model , 2018, Informatica.

[23]  Jayanath Ananda,et al.  A critical review of multi-criteria decision making methods with special reference to forest management and planning , 2009 .

[24]  Jurgita Antucheviciene,et al.  Selecting a Contractor by Using a Novel Method forMultiple Attribute Analysis: Weighted Aggregated SumProduct Assessment with Grey Values (WASPAS-G) , 2015 .

[25]  Michael McAleer,et al.  Risk Measurement and Risk Modelling using Applications of Vine Copulas , 2014 .

[26]  Seilkhan Boranbayev,et al.  The Modern State and the Further Development Prospects of Information Security in the Republic of Kazakhstan , 2018, ITNG 2018.

[27]  Edmundas Kazimieras Zavadskas,et al.  Selection of rational dispute resolution method by applying new step‐wise weight assessment ratio analysis (Swara) , 2010 .

[28]  Edmundas Kazimieras Zavadskas,et al.  An approach to multi‐attribute assessment of indoor environment before and after refurbishment of dwellings , 2009 .

[29]  Edmundas Kazimieras Zavadskas,et al.  Fuzzy Multiple Criteria Assessment of Construction Site Alternatives for Non-Hazardous Waste Incineration Plant in Vilnius City, Applying ARAS-F and AHP Methods , 2012 .

[30]  Gintautas Dzemyda,et al.  Processing of Undesirable Business Events in Advanced Production Planning Systems , 2012, Informatica.

[31]  Henrikas Sivilevičius,et al.  Quality Attributes And Complex Assessment Methodology of the Asphalt Mixing Plant , 2008 .

[32]  Abbas Afshar,et al.  Multi-objective reservoir operation under emergency condition: Abbaspour reservoir case study with non-functional spillways , 2014 .

[33]  Jurgita Antucheviciene,et al.  Hybrid multiple criteria decision-making methods: a review of applications for sustainability issues , 2016 .

[34]  Robert T. Eckenrode,et al.  Weighting Multiple Criteria , 1965 .

[35]  Hu-Chen Liu,et al.  Failure mode and effect analysis using MULTIMOORA method with continuous weighted entropy under interval-valued intuitionistic fuzzy environment , 2016, Soft Computing.

[36]  Abteen Ijadi Maghsoodi,et al.  Selection of Waste Lubricant Oil Regenerative Technology Using Entropy-Weighted Risk-Based Fuzzy Axiomatic Design Approach , 2018, Informatica.

[37]  J. Tamilselvi,et al.  FUZZY MULTI-CRITERIA RANDOM SEED AND CUTOFF POINT APPROACH FOR CREDIT RISK ASSESSMENT , 2018 .

[38]  S A Jozi,et al.  Health, safety, and environmental risk assessment of steel production complex in central Iran using TOPSIS , 2014, Environmental Monitoring and Assessment.

[39]  A. Clark,et al.  Enterprise Security Architecture: A Business-Driven Approach , 2005 .

[40]  Thomas L. Saaty,et al.  When is a Decision-Making Method Trustworthy? Criteria for Evaluating Multi-Criteria Decision-Making Methods , 2015, Int. J. Inf. Technol. Decis. Mak..

[41]  T. Sari,et al.  Risk management in automotive manufacturing process based on FMEA and grey relational analysis: A case study , 2018 .

[42]  Edmundas Kazimieras Zavadskas,et al.  Multi-criteria decision-making system for sustainable building assessment/certification , 2015 .

[43]  Igor Linkov,et al.  The value of information for managing contaminated sediments. , 2014, Environmental science & technology.

[44]  H. A. Lingstone,et al.  The Delphi Method: Techniques and Applications , 1976 .

[45]  Edmundas Kazimieras Zavadskas,et al.  Design of Products with Both International and Local Perspectives based on Yin-Yang Balance Theory and Swara Method , 2013 .

[46]  Arnas Kaceniauskas,et al.  Improvement of Security Costs Evaluation Process by Using Data Automatically Captured from BPMN and EPC Models , 2017, Business Process Management Workshops.

[47]  Davide Aloini,et al.  Risk assessment in ERP projects , 2012, Inf. Syst..

[48]  Kash Barker,et al.  Quantifying the risk of project delays with a genetic algorithm , 2015 .

[49]  Marjan Krisper,et al.  Diagnosing organizational risks in software projects: Stakeholder resistance , 2015 .

[50]  Jeff Kosseff Cybersecurity of the Person , 2018 .

[51]  Hossein Safari,et al.  Identifying and evaluating enterprise architecture risks using FMEA and fuzzy VIKOR , 2014, Journal of Intelligent Manufacturing.

[52]  Chin-Chen Chang,et al.  An Association Rule Mining Method for Spatial Database , 2002, ISDB.

[53]  Irem Y. Tumer,et al.  Implementation Procedures for the Risk in Early Design (RED) Method , 2008 .

[54]  Oluwarotimi Williams Samuel,et al.  Towards an efficient risk assessment in software projects-Fuzzy reinforcement paradigm , 2017, Comput. Electr. Eng..

[55]  D. Dubois,et al.  Operations on fuzzy numbers , 1978 .

[56]  Madjid Tavana,et al.  A hybrid fuzzy group decision support framework for advanced-technology prioritization at NASA , 2013, Expert Syst. Appl..

[57]  T. V. Garcez,et al.  Multidimensional Risk Assessment of Manhole Events as a Decision Tool for Ranking the Vaults of an Underground Electricity Distribution System , 2014, IEEE Transactions on Power Delivery.

[58]  Yacov Y. Haimes,et al.  Total Risk Management , 1991 .

[59]  Edmundas Kazimieras Zavadskas,et al.  Selection of Facade's Alternatives of Commercial and Public Buildings Based on Multiple Criteria , 2011 .

[60]  N. Goranin,et al.  THE METHODS AND TECHNOLOGIES OF RELIABILITY AND SECURITY OF INFORMATION SYSTEMS AND INFORMATION AND COMMUNICATION INFRASTRUCTURES , 2018 .

[61]  Qingji Zhou,et al.  Fuzzy and grey theories in failure mode and effect analysis for tanker equipment failure prediction , 2016 .

[62]  Astrid Allesch,et al.  Assessment methods for solid waste management: A literature review , 2014, Waste management & research : the journal of the International Solid Wastes and Public Cleansing Association, ISWA.

[63]  Xin Miao,et al.  Modeling of bilevel games and incentives for sustainable critical infrastructure system , 2010 .

[64]  Taufiq Immawan,et al.  Operational risk analysis with Fuzzy FMEA (Failure Mode and Effect Analysis) approach (Case study: Optimus Creative Bandung) , 2018 .

[65]  E Ferguson,et al.  From comparative risk assessment to multi-criteria decision analysis and adaptive management: recent developments and applications. , 2006, Environment international.

[66]  Edmundas Kazimieras Zavadskas,et al.  Multi-criteria selection of a deep-water port in the Eastern Baltic Sea , 2015, Appl. Soft Comput..

[67]  Robert LIN,et al.  NOTE ON FUZZY SETS , 2014 .

[68]  BamakanSeyed Mojtaba Hosseini,et al.  A Weighted Monte Carlo Simulation Approach to Risk Assessment of Information Security Management System , 2015 .

[69]  Jose M. Yusta,et al.  Methodologies and applications for critical infrastructure protection: State-of-the-art , 2011 .

[70]  Fang Yan,et al.  A set pair analysis based layer of protection analysis and its application in quantitative risk assessment , 2018, Journal of Loss Prevention in the Process Industries.

[71]  Paul L. Bannerman,et al.  Risk and risk management in software projects: A reassessment , 2008, J. Syst. Softw..

[72]  Yan Bai,et al.  Examining the Impact of Adverse Weather on Urban Rail Transit Facilities on the Basis of Fault Tree Analysis and Fuzzy Synthetic Evaluation , 2014 .

[73]  Dhananjay S. Phatak,et al.  Cybersecurity: Exploring core concepts through six scenarios , 2018, Cryptologia.

[74]  Baijian Yang,et al.  Internet of things: Survey on security , 2017, Inf. Secur. J. A Glob. Perspect..

[75]  Huayou Chen,et al.  Interval-valued intuitionistic fuzzy continuous weighted entropy and its application to multi-criteria fuzzy group decision making , 2014, Knowl. Based Syst..

[76]  Kannan Govindan,et al.  Interrelationships of risks faced by third party logistics service providers: A DEMATEL based approach , 2016 .

[77]  T.E. Bell Managing Murphy's law: engineering a minimum-risk system , 1989, IEEE Spectrum.

[78]  Jurgita Antucheviciene,et al.  A Hybrid Model Based on Fuzzy AHP and Fuzzy WASPAS for Construction Site Selection , 2015, Int. J. Comput. Commun. Control.

[79]  Seilkhan Boranbayev,et al.  Development of a software system to ensure the reliability and fault tolerance in information systems , 2018 .