A Fuzzy Model for Selecting Safeguards to Reduce Risks in Information Systems

  • Conference paper
Operations Research and Enterprise Systems (ICORES 2014)

Abstract

Information systems can be represented by acyclic directed graphs where the nodes denote assets and the arcs connecting nodes represent the degree of dependency between assets. Threats are events that can trigger an incident in the organization, causing damage or intangible material loss to assets, and safeguards are measures for addressing threats. In this paper, we propose a fuzzy approach for selecting safeguards that minimizes costs while keeping the degree of dependency between support assets and terminal assets within acceptable levels. The approach is based on dynamic programming and uses the simulated annealing metaheuristic to solve optimization problems.



Acknowledgements

The paper was supported by Madrid Government project S-2009/ESP-1685 and the Ministry of Science project MTM2011-28983-CO3-03.

Author information

Corresponding author

Correspondence to A. Mateos.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Vicente, E., Mateos, A., Jiménez-Martin, A. (2015). A Fuzzy Model for Selecting Safeguards to Reduce Risks in Information Systems. In: Pinson, E., Valente, F., Vitoriano, B. (eds) Operations Research and Enterprise Systems. ICORES 2014. Communications in Computer and Information Science, vol 509. Springer, Cham. https://doi.org/10.1007/978-3-319-17509-6_5

  • DOI: https://doi.org/10.1007/978-3-319-17509-6_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17508-9

  • Online ISBN: 978-3-319-17509-6

  • eBook Packages: Computer Science (R0)
