Application of fuzzy set theory to evaluate the rate of aggregative risk in information security

Organizations rely on different types of information systems to reach their goals, and decision makers must allocate a security budget and choose a treatment strategy according to the risk priority of those systems. Each information system consists of several components or assets, and aggregating the risk of the individual components into a single system-level risk is difficult. In this research we build a model that aggregates the risk of information system components to support such decisions. Because information security risk analysis involves uncertainty, the model is based on fuzzy set theory.
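The abstract only says that component risks are aggregated with fuzzy set theory; the paper's actual scale, aggregation operator and defuzzification method are not on this page. The following is an added illustration, not the paper's model, of what such an aggregation can look like: it assumes a triangular-fuzzy-number (TFN) linguistic scale for likelihood and impact, the usual vertex-wise approximate product for likelihood x impact, a weighted fuzzy average across a system's components, centroid defuzzification, and a budget split proportional to the crisp scores. The systems, components, weights and ratings are constructed sample input.

```python
# Added illustration for this page (not the paper's own model): aggregating
# per-component fuzzy risk into a system-level risk and ranking systems for
# budget allocation. Assumptions: triangular fuzzy numbers (TFNs) for the
# linguistic scale, risk = likelihood x impact via the approximate TFN
# product, weighted averaging across components, centroid defuzzification.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class TFN:
    """Triangular fuzzy number (l, m, u): membership is 0 at l and u, 1 at m."""
    l: float
    m: float
    u: float

    def __post_init__(self) -> None:
        if not (self.l <= self.m <= self.u):
            raise ValueError(f"not a valid TFN: {(self.l, self.m, self.u)}")

    def __add__(self, other: "TFN") -> "TFN":
        return TFN(self.l + other.l, self.m + other.m, self.u + other.u)

    def __mul__(self, other: "TFN") -> "TFN":
        # Approximate product of two non-negative TFNs (vertex-wise).
        return TFN(self.l * other.l, self.m * other.m, self.u * other.u)

    def scale(self, k: float) -> "TFN":
        if k < 0:
            raise ValueError("weights must be non-negative")
        return TFN(self.l * k, self.m * k, self.u * k)

    def centroid(self) -> float:
        """Defuzzify: the centroid of a triangle is the mean of its vertices."""
        return (self.l + self.m + self.u) / 3.0


# Constructed linguistic scale on [0, 1]; the paper's own scale is not on the page.
SCALE: Dict[str, TFN] = {
    "very low":  TFN(0.00, 0.00, 0.25),
    "low":       TFN(0.00, 0.25, 0.50),
    "medium":    TFN(0.25, 0.50, 0.75),
    "high":      TFN(0.50, 0.75, 1.00),
    "very high": TFN(0.75, 1.00, 1.00),
}


@dataclass(frozen=True)
class Component:
    name: str
    likelihood: str   # linguistic term from SCALE
    impact: str       # linguistic term from SCALE
    weight: float     # relative importance of the asset within its system

    def risk(self) -> TFN:
        """Fuzzy risk of one component: likelihood x impact."""
        return SCALE[self.likelihood] * SCALE[self.impact]


def aggregate_system_risk(components: List[Component]) -> TFN:
    """Weighted fuzzy average of component risks, giving a system-level TFN."""
    if not components:
        raise ValueError("a system needs at least one component")
    total_weight = sum(c.weight for c in components)
    if total_weight <= 0:
        raise ValueError("weights must sum to a positive value")
    acc = TFN(0.0, 0.0, 0.0)
    for c in components:
        acc = acc + c.risk().scale(c.weight)
    return acc.scale(1.0 / total_weight)


def rank_systems(systems: Dict[str, List[Component]]) -> List[Tuple[str, float]]:
    """Defuzzify each system's aggregated risk and sort highest-risk first."""
    scored = [(name, aggregate_system_risk(comps).centroid())
              for name, comps in systems.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def allocate_budget(ranking: List[Tuple[str, float]], total: float) -> Dict[str, float]:
    """Split a security budget in proportion to the crisp risk scores."""
    score_sum = sum(score for _, score in ranking)
    if score_sum <= 0:
        # No risk anywhere: split evenly rather than divide by zero.
        return {name: total / len(ranking) for name, _ in ranking}
    return {name: total * score / score_sum for name, score in ranking}


# Constructed sample input: two systems with a few components each.
SAMPLE_SYSTEMS: Dict[str, List[Component]] = {
    "payroll": [
        Component("payroll database", "high", "very high", weight=3.0),
        Component("payroll web frontend", "medium", "high", weight=2.0),
    ],
    "intranet wiki": [
        Component("wiki application", "medium", "low", weight=1.0),
        Component("file share", "low", "medium", weight=1.0),
    ],
}

if __name__ == "__main__":
    ranking = rank_systems(SAMPLE_SYSTEMS)
    for name, score in ranking:
        fuzzy = aggregate_system_risk(SAMPLE_SYSTEMS[name])
        print(f"{name:14s} aggregated risk = {fuzzy}  crisp = {score:.3f}")
    for name, share in allocate_budget(ranking, 100_000.0).items():
        print(f"{name:14s} budget share = {share:,.0f}")
```

With this constructed input the payroll system aggregates to the TFN (0.275, 0.6, 0.9), the wiki to (0, 0.125, 0.375), so payroll ranks first and receives roughly 78% of the budget. The fuzzy result is kept until the final ranking step so that the uncertainty in each component's rating is carried through the aggregation rather than being collapsed to a single number per component up front.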
