Abstract
This paper deals with the selection of failure transmission, preventive and palliative safeguards that minimize the maximum risk caused by threats to the assets of an information system (IS) for a given budget. We assume that all the elements in the IS, i.e., the degree of dependence between assets, the valuations of the assets, the severity and frequency of the threats, and the effect induced by safeguards, can be valued on a fuzzy linguistic scale. This is less demanding on experts and accounts for imprecision and/or vagueness in the inputs. We model and solve the resulting fuzzy optimization problem by means of the simulated annealing metaheuristic and give an example to illustrate the safeguard selection process.
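The following is an added, self-contained Python illustration of the selection process the abstract describes; it is not the paper's code or data. It encodes a five-term linguistic scale as triangular fuzzy numbers, computes a fuzzy risk per asset from asset valuation, threat frequency and severity, and one-step failure transmission along dependencies, lets preventive, palliative and transmission safeguards scale those quantities down, and runs simulated annealing over safeguard subsets under a budget to minimize the defuzzified maximum risk. The toy information system, the specific scale values, the component-wise fuzzy arithmetic, the centroid ranking and the annealing schedule are all assumptions made here, not taken from the paper.

```python
"""Minimax safeguard selection under a budget with fuzzy linguistic inputs
and simulated annealing. Illustrative model; not the paper's own code."""
import math
import random

# Assumed linguistic scale: triangular fuzzy numbers (a, b, c) on [0, 1].
SCALE = {
    "VL": (0.0, 0.0, 0.25), "L": (0.0, 0.25, 0.5), "M": (0.25, 0.5, 0.75),
    "H": (0.5, 0.75, 1.0), "VH": (0.75, 1.0, 1.0),
}
ZERO, ONE = (0.0, 0.0, 0.0), (1.0, 1.0, 1.0)

def tri_mul(x, y):
    # Component-wise product, the usual approximation for non-negative triangular numbers.
    return (x[0] * y[0], x[1] * y[1], x[2] * y[2])

def tri_add(x, y):
    return (x[0] + y[0], x[1] + y[1], x[2] + y[2])

def tri_complement(x):
    # 1 - x: turns a safeguard's fuzzy effect into the fuzzy residual factor it leaves.
    return (1 - x[2], 1 - x[1], 1 - x[0])

def centroid(x):
    # Centroid defuzzification, used to rank (compare) fuzzy risks.
    return (x[0] + x[1] + x[2]) / 3.0

# Constructed toy information system (assumption, not from the paper).
ASSETS = {"db": "VH", "web": "H", "lan": "M"}            # asset valuation
THREATS = {                                              # threat: (asset, frequency, severity)
    "sqli": ("db", "M", "VH"),
    "dos": ("web", "H", "M"),
    "sniff": ("lan", "L", "H"),
}
DEPENDS = {"web": ("db", "H"), "db": ("lan", "M")}       # dependent -> (supporting, degree)
SAFEGUARDS = {                                           # name: (kind, target, effect, cost)
    "waf": ("preventive", "sqli", "H", 3),               # preventive: cuts threat frequency
    "backups": ("palliative", "sqli", "VH", 4),          # palliative: cuts threat severity
    "rate_limit": ("preventive", "dos", "M", 2),
    "cdn": ("palliative", "dos", "H", 5),
    "tls": ("palliative", "sniff", "VH", 2),
    "db_replica": ("transmission", "web", "H", 6),       # transmission: cuts dependence degree
}

def risk_profile(selected):
    """Fuzzy risk per asset for a set of selected safeguard names."""
    factors = {}  # (kind, target) -> combined fuzzy residual factor of the selected safeguards
    for name in selected:
        kind, target, effect, _ = SAFEGUARDS[name]
        key = (kind, target)
        factors[key] = tri_mul(factors.get(key, ONE), tri_complement(SCALE[effect]))
    # Direct exposure of each asset: sum over its threats of (residual frequency x residual severity).
    exposure = {a: ZERO for a in ASSETS}
    for tname, (asset, freq, sev) in THREATS.items():
        f = tri_mul(SCALE[freq], factors.get(("preventive", tname), ONE))
        s = tri_mul(SCALE[sev], factors.get(("palliative", tname), ONE))
        exposure[asset] = tri_add(exposure[asset], tri_mul(f, s))
    # One-step failure transmission: a dependent asset inherits its supporting asset's
    # exposure scaled by the (possibly reduced) degree of dependence.
    total = dict(exposure)
    for dep, (sup, degree) in DEPENDS.items():
        d = tri_mul(SCALE[degree], factors.get(("transmission", dep), ONE))
        total[dep] = tri_add(total[dep], tri_mul(d, exposure[sup]))
    return {a: tri_mul(SCALE[ASSETS[a]], total[a]) for a in ASSETS}

def max_risk(selected):
    """Defuzzified maximum risk over all assets (the minimax objective)."""
    return max(centroid(r) for r in risk_profile(selected).values())

def cost(selected):
    return sum(SAFEGUARDS[n][3] for n in selected)

def anneal(budget, iters=3000, t0=0.2, alpha=0.998, seed=1):
    """Simulated annealing over safeguard subsets; neighbours flip one safeguard,
    infeasible (over-budget) neighbours are rejected. Returns (selection, objective)."""
    rng = random.Random(seed)
    names = sorted(SAFEGUARDS)
    cur, cur_val = set(), max_risk(set())
    best, best_val = set(cur), cur_val
    t = t0
    for _ in range(iters):
        t *= alpha
        cand = set(cur)
        cand.symmetric_difference_update({rng.choice(names)})
        if cost(cand) > budget:
            continue
        val = max_risk(cand)
        if val <= cur_val or rng.random() < math.exp((cur_val - val) / t):
            cur, cur_val = cand, val
            if val < best_val:
                best, best_val = set(cand), val
    return sorted(best), best_val

if __name__ == "__main__":
    print("no safeguards:", round(max_risk(set()), 4))
    sel, val = anneal(budget=10)
    print("budget 10 ->", sel, "cost", cost(sel), "max risk", round(val, 4))
```

Because every safeguard only multiplies a frequency, severity or dependence degree by a factor in [0, 1], the objective is monotone in the selected set, so the budget is the only thing that makes the problem non-trivial; with a real system the same code scales to many assets and safeguards, which is where the metaheuristic replaces exhaustive enumeration.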
The paper was supported by Madrid Government project S-2009/ESP-1685 and the Ministry of Science project MTM2011-28983-CO3-03.
Copyright information
© 2014 Springer International Publishing Switzerland
Cite this paper
Vicente, E., Mateos, A., Jiménez-Martín, A. (2014). Selection of Safeguards for Fuzzified Risk Management in Information Systems. In: Rocha, Á., Correia, A., Tan, F., Stroetmann, K. (eds) New Perspectives in Information Systems and Technologies, Volume 1. Advances in Intelligent Systems and Computing, vol 275. Springer, Cham. https://doi.org/10.1007/978-3-319-05951-8_26
DOI: https://doi.org/10.1007/978-3-319-05951-8_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05950-1
Online ISBN: 978-3-319-05951-8