Abstract
Information systems can be represented by acyclic directed graphs where the nodes denote assets and the arcs connecting nodes represent the degree of dependency between assets. Threats are events that can trigger an incident in the organization, causing damage or intangible material loss to assets, and safeguards are measures for addressing threats. In this paper, we propose a fuzzy approach for selecting safeguards that minimizes costs while keeping the degree of dependency between support assets and terminal assets within acceptable levels. The approach is based on dynamic programming and uses the simulated annealing metaheuristic to solve optimization problems.
Acknowledgements
The paper was supported by Madrid Government project S-2009/ESP-1685 and the Ministry of Science project MTM2011-28983-CO3-03.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Vicente, E., Mateos, A., Jiménez-Martin, A. (2015). A Fuzzy Model for Selecting Safeguards to Reduce Risks in Information Systems. In: Pinson, E., Valente, F., Vitoriano, B. (eds) Operations Research and Enterprise Systems. ICORES 2014. Communications in Computer and Information Science, vol 509. Springer, Cham. https://doi.org/10.1007/978-3-319-17509-6_5
DOI: https://doi.org/10.1007/978-3-319-17509-6_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17508-9
Online ISBN: 978-3-319-17509-6
eBook Packages: Computer Science, Computer Science (R0)