Digital security vulnerabilities and threats implications for financial institutions deploying digital technology platforms and application: FMEA and FTOPSIS analysis

Digital disruptions have led to the integration of applications, platforms, and infrastructure. They assist in business operations, promoting open digital collaborations, and perhaps even the integration of the Internet of Things (IoTs), Big Data Analytics, and Cloud Computing to support data sourcing, data analytics, and storage synchronously on a single platform. Notwithstanding the benefits derived from digital technology integration (including IoTs, Big Data Analytics, and Cloud Computing), digital vulnerabilities and threats have become a more significant concern for users. We addressed these challenges from an information systems perspective and have noted that more research is needed identifying potential vulnerabilities and threats affecting the integration of IoTs, BDA and CC for data management. We conducted a step-by-step analysis of the potential vulnerabilities and threats affecting the integration of IoTs, Big Data Analytics, and Cloud Computing for data management. We combined multi-dimensional analysis, Failure Mode Effect Analysis, and Fuzzy Technique for Order of Preference by Similarity for Ideal Solution to evaluate and rank the potential vulnerabilities and threats. We surveyed 234 security experts from the banking industry with adequate knowledge in IoTs, Big Data Analytics, and Cloud Computing. Based on the closeness of the coefficients, we determined that insufficient use of backup electric generators, firewall protection failures, and no information security audits are high-ranking vulnerabilities and threats affecting integration. This study is an extension of discussions on the integration of digital applications and platforms for data management and the pervasive vulnerabilities and threats arising from that. A detailed review and classification of these threats and vulnerabilities are vital for sustaining businesses’ digital integration.

[1]  M. Francisca Hinarejos,et al.  RiskLaine: A Probabilistic Approach for Assessing Risk in Certificate-Based Security , 2018, IEEE Transactions on Information Forensics and Security.

[2]  Gunasekaran Manogaran,et al.  A new architecture of Internet of Things and big data ecosystem for secured smart healthcare monitoring and alerting system , 2017, Future Gener. Comput. Syst..

[3]  Kaveh Khalili Damghani,et al.  A hybrid fuzzy multiple criteria group decision making approach for sustainable project selection , 2013, Appl. Soft Comput..

[4]  Nickson M. Karie,et al.  Cloud-Centric Framework for isolating Big data as forensic evidence from IoT infrastructures , 2017, 2017 1st International Conference on Next Generation Computing Applications (NextComp).

[5]  W. Kuan Hon,et al.  Banking in the cloud: Part 1 - banks' use of cloud services , 2018, Comput. Law Secur. Rev..

[6]  Jamal Ghodousi,et al.  Safety barriers analysis of offshore drilling system by employing Fuzzy Event Tree Analysis , 2015 .

[7]  Muaz A. Niazi,et al.  Cloud identity management security issues & solutions: a taxonomy , 2014, Complex Adapt. Syst. Model..

[8]  Kim-Kwang Raymond Choo,et al.  Internet- and cloud-of-things cybersecurity research challenges and advances , 2018, Comput. Secur..

[9]  Brij B. Gupta,et al.  Security, privacy & efficiency of sustainable Cloud Computing for Big Data & IoT , 2018, Sustain. Comput. Informatics Syst..

[10]  Mathias Ekstedt,et al.  Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture , 2014, Comput. Secur..

[11]  Kevin Jones,et al.  A review of cyber security risk assessment methods for SCADA systems , 2016, Comput. Secur..

[12]  Lotfi A. Zadeh,et al.  Fuzzy Logic for Business, Finance, and Management , 1997, Advances in Fuzzy Systems - Applications and Theory.

[13]  Ana Paula Cabral Seixas Costa,et al.  A multidimensional approach to information security risk management using FMEA and fuzzy theory , 2014, Int. J. Inf. Manag..

[14]  Kyungmee O. Kim,et al.  General model for the risk priority number in failure mode and effects analysis , 2018, Reliab. Eng. Syst. Saf..

[15]  Jerry den Hartog,et al.  Security and privacy for innovative automotive applications: A survey , 2018, Comput. Commun..

[16]  George Bojadziev,et al.  Fuzzy Logic for Business, Finance, and Management - 2nd Edition , 2007, Advances in Fuzzy Systems - Applications and Theory.

[17]  Miguel P Caldas,et al.  Research design: qualitative, quantitative, and mixed methods approaches , 2003 .

[18]  Young-Sik Jeong,et al.  A survey on cloud computing security: Issues, threats, and solutions , 2016, J. Netw. Comput. Appl..

[19]  Mincong Tang,et al.  Information Security Engineering: a Framework for Research and Practices , 2013, Int. J. Comput. Commun. Control.

[20]  Péter Fehér,et al.  Using Design Thinking to Identify Banking Digitization Opportunities - Snapshot of the Hungarian Banking System , 2017, Bled eConference.

[21]  Mario Rapaccini,et al.  The role of digital technologies for the service transformation of industrial companies , 2018, Int. J. Prod. Res..

[22]  Zhenlong Li,et al.  Big Data and cloud computing: innovation opportunities and challenges , 2017, Int. J. Digit. Earth.

[23]  Cheng Zhang,et al.  Blockchain Empowered Arbitrable Data Auditing Scheme for Network Storage as a Service , 2020, IEEE Transactions on Services Computing.

[24]  Ioannis Mavridis,et al.  Information infrastructure risk prediction through platform vulnerability analysis , 2015, J. Syst. Softw..

[25]  Latifa Ben Arfa Rabai,et al.  A Security Risk Management Model for Cloud Computing Systems: Infrastructure as a Service , 2017, SpaCCS.

[26]  Amardeep Singh,et al.  Big Data: Hadoop framework vulnerabilities, security issues and attacks , 2019, Array.

[27]  Vidhyacharan Bhaskar,et al.  Identity and access management in cloud environment: Mechanisms and challenges , 2018 .

[28]  Margaret J. Robertson,et al.  Design and Analysis of Experiments , 2006, Handbook of statistics.

[29]  Umesh Kumar Singh,et al.  Information security risks management framework - A step towards mitigating security risks in university network , 2017, J. Inf. Secur. Appl..

[30]  P. Herbert Raj,et al.  Exploring Data Security Issues and Solutions in Cloud Computing , 2018 .

[31]  Mehdi Amiri-Aref,et al.  A general fuzzy TOPSIS based on new fuzzy positive and negative ideal solution , 2009, 2009 IEEE International Conference on Industrial Engineering and Engineering Management.

[32]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[33]  Tie Xu,et al.  Critical Infrastructure Vulnerabilities: Embracing a Network Mindset , 2016 .

[34]  Gang Chen,et al.  Model of Information Security Risk Assessment based on Improved Wavelet Neural Network , 2013, J. Networks.

[35]  M. B. Ferreira,et al.  Identity management for the requirements of the information security , 2013, 2013 IEEE International Conference on Industrial Engineering and Engineering Management.

[36]  Gary B. Wills,et al.  Integration of Cloud Computing with Internet of Things: Challenges and Open Issues , 2017, 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[37]  A. Hadi-Vencheh,et al.  Failure mode and effects analysis A fuzzy group MCDM approach , 2013 .

[38]  Nan Liu,et al.  Risk evaluation approaches in failure mode and effects analysis: A literature review , 2013, Expert Syst. Appl..

[39]  S. Seuring,et al.  Challenges and opportunities of digital information at the intersection of Big Data Analytics and supply chain management , 2017 .

[40]  Mahmood Hussain Shah,et al.  Information security management needs more holistic approach: A literature review , 2016, Int. J. Inf. Manag..

[41]  Alireza Askarian,et al.  An application of failure mode and effect analysis (FMEA) to assess risks in petrochemical industry in Iran , 2015 .

[42]  Ragib Hasan,et al.  Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things , 2015, 2015 IEEE World Congress on Services.

[43]  Daniel J. Power,et al.  Challenges for digital transformation – towards a conceptual decision support guide for managers , 2018, J. Decis. Syst..

[44]  Imran A. Zualkernan,et al.  Internet of things (IoT) security: Current status, challenges and prospective measures , 2015, 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST).

[45]  Mohsen Guizani,et al.  Smart Cities: A Survey on Data Management, Security, and Enabling Technologies , 2017, IEEE Communications Surveys & Tutorials.

[46]  Edmundo Roberto Mauro Madeira,et al.  Virtual network security: threats, countermeasures, and challenges , 2015, Journal of Internet Services and Applications.

[47]  Lotfi A. Zadeh,et al.  Fuzzy Sets , 1996, Inf. Control..

[48]  Farhan Ullah,et al.  Semantic interoperability for big-data in heterogeneous IoT infrastructure for healthcare , 2017 .

[49]  Athanasios V. Vasilakos,et al.  IoT-Based Big Data Storage Systems in Cloud Computing: Perspectives and Challenges , 2017, IEEE Internet of Things Journal.

[50]  Tadayoshi Kohno,et al.  Computer security for data collection technologies☆ , 2018, Development engineering.

[51]  Borka Jerman-Blazic,et al.  An economic modelling approach to information security risk management , 2008, Int. J. Inf. Manag..

[52]  Ali Ismail Awad,et al.  Security risk assessment within hybrid data centers: A case study of delay sensitive applications , 2018, J. Inf. Secur. Appl..

[53]  Muthu Ramachandran,et al.  Cloud Computing Adoption Framework – a security framework for business clouds , 2015 .

[54]  Hu-Chen Liu,et al.  Human reliability assessment for medical devices based on failure mode and effects analysis and fuzzy linguistic theory , 2014 .

[55]  Divine Quazie Agozie,et al.  Integrating Digital Innovation Capabilities Towards Value Creation: A Conceptual View , 2020, Int. J. Intell. Inf. Technol..

[56]  Silvia Carpitella,et al.  A combined multi-criteria approach to support FMECA analyses: A real-world case , 2018, Reliab. Eng. Syst. Saf..

[57]  Athanasios V. Vasilakos,et al.  Security in Software-Defined Networking: Threats and Countermeasures , 2016, Mobile Networks and Applications.

[58]  Nan Liu,et al.  Risk evaluation in failure mode and effects analysis with extended VIKOR method under fuzzy environment , 2012, Expert Syst. Appl..

[59]  Samuel Yousefi,et al.  An extended FMEA approach based on the Z-MOORA and fuzzy BWM for prioritization of failures , 2019, Appl. Soft Comput..

[60]  Yang Xu,et al.  A Blockchain-Based Nonrepudiation Network Computing Service Scheme for Industrial IoT , 2019, IEEE Transactions on Industrial Informatics.

[61]  John K. Zao,et al.  OpenFog security requirements and approaches , 2017, 2017 IEEE Fog World Congress (FWC).

[62]  Chen-Tung Chen,et al.  Extensions of the TOPSIS for group decision-making under fuzzy environment , 2000, Fuzzy Sets Syst..

[63]  Gang Liu,et al.  Multi-level decision-making model for product design based on Fuzzy set theory , 2006, 2006 First International Symposium on Pervasive Computing and Applications.

[64]  H. Schneider Failure mode and effect analysis : FMEA from theory to execution , 1996 .

[65]  Abhishek Narain Singh,et al.  Identifying factors of "organizational information security management" , 2014, J. Enterp. Inf. Manag..

[66]  Robert LIN,et al.  NOTE ON FUZZY SETS , 2014 .

[67]  Xiaofei Xing,et al.  Trustworthy Network Anomaly Detection Based on an Adaptive Learning Rate and Momentum in IIoT , 2020, IEEE Transactions on Industrial Informatics.

[68]  MousannifHajar,et al.  Access control in the Internet of Things , 2017 .