Fuzzy Based Threat Analysis in Total Hospital Information System

  • Nurzaini Mohamad Zain
  • Ganthan Narayana Samy
  • Rabiah Ahmad
  • Zuraini Ismail
  • Azizah Abdul Manaf
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6059)


This research attempts to develop a fuzzy-based threat analysis model in which linguistic variables, fuzzy numbers and the fuzzy weighted average are applied to deal with uncertainty in evaluating potential threats in a Total Hospital Information System (THIS) environment. In the fuzzification process, the Triangular Average Number technique, using two sets of membership functions, was applied to evaluate the “likelihood” and “consequence” of THIS threat variables upon a particular THIS asset. Each security threat level was then aggregated using the Efficient Fuzzy Weighted Average (EFWA) algorithm. Finally, the Best Fit Technique is used in the defuzzification process to translate a single fuzzy value into linguistic terms that indicate the overall impact of the security threat level on the THIS asset. To confirm the effectiveness of the adopted model, a prototype was developed and verified using the scenario method. The findings show that the model is capable of performing threat analysis with incomplete and uncertain information in the THIS environment.
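The three stages named in the abstract (triangular averaging, fuzzy weighted average over alpha-cuts, best-fit defuzzification) are sketched below as an added example; it is not the paper's prototype. The five-term scale, the sample ratings, the use of likelihood as the weight and consequence as the rated value, and the Euclidean distance over alpha-cut endpoints are all assumptions. The bound search enumerates switch points after sorting, which gives the exact interval bounds that EFWA is designed to find efficiently.

```python
from math import sqrt
# Constructed five-term scale: triangular fuzzy numbers (a, b, c) on [0, 1].
SCALE = {"very low": (0.0, 0.0, 0.25), "low": (0.0, 0.25, 0.5),
         "medium": (0.25, 0.5, 0.75), "high": (0.5, 0.75, 1.0),
         "very high": (0.75, 1.0, 1.0)}
ALPHAS = [i / 10 for i in range(11)]

def average(terms):
    """Fuzzification: component-wise mean of several assessors' terms."""
    tris = [SCALE[t] for t in terms]
    return tuple(sum(t[i] for t in tris) / len(tris) for i in range(3))

def cut(tri, alpha):
    """Alpha-cut interval (lo, hi) of a triangular fuzzy number."""
    a, b, c = tri
    return (a + alpha * (b - a), c - alpha * (c - b))

def bound(xs, ws, lower):
    """Exact min (lower=True) or max of sum(w*x)/sum(w) with w_i in ws[i].
    Raises ValueError (empty min/max) if every weight can only be zero."""
    order = sorted(range(len(xs)), key=lambda i: xs[i], reverse=not lower)
    vals = []
    for k in range(len(xs) + 1):  # first k items in order take the upper weight
        w = [ws[i][1] if pos < k else ws[i][0] for pos, i in enumerate(order)]
        if sum(w) > 0:
            vals.append(sum(wi * xs[i] for wi, i in zip(w, order)) / sum(w))
    return min(vals) if lower else max(vals)

def fwa(threats):
    """Aggregate (likelihood, consequence) pairs; one (lo, hi) per alpha."""
    out = []
    for al in ALPHAS:
        ws = [cut(lik, al) for lik, _ in threats]
        lo, hi = zip(*(cut(con, al) for _, con in threats))
        out.append((bound(lo, ws, True), bound(hi, ws, False)))
    return out

def best_fit(cuts):
    """Defuzzification: scale term with the smallest Euclidean distance."""
    def dist(term):
        ref = [cut(SCALE[term], al) for al in ALPHAS]
        return sqrt(sum((lo - r[0]) ** 2 + (hi - r[1]) ** 2
                        for (lo, hi), r in zip(cuts, ref)))
    return min(SCALE, key=dist)

# Constructed ratings for one asset: (likelihood terms, consequence terms).
THREATS = [(average(["low", "medium"]), average(["high", "very high"])),
           (average(["high", "high"]), average(["medium", "high"])),
           (average(["medium"]), average(["very high"]))]
print(best_fit(fwa(THREATS)))
```

The aggregated fuzzy value stays an interval per alpha level until the last step, so disagreement between assessors widens the result instead of being hidden in a single score.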


Keywords: Total Hospital Information System (THIS); Risk Analysis; Threats; Information Security; Fuzzy logic





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Nurzaini Mohamad Zain (1)
  • Ganthan Narayana Samy (2)
  • Rabiah Ahmad (1)
  • Zuraini Ismail (3)
  • Azizah Abdul Manaf (3)

  1. Centre for Advanced Software Engineering (CASE), Faculty of Computer Science and Information Systems, Universiti Teknologi Malaysia (UTM), Malaysia
  2. Department of Computer Systems and Communications, Faculty of Computer Science & Information Systems, Universiti Teknologi Malaysia (UTM), Malaysia
  3. Department of Science, College of Science and Technology, Universiti Teknologi Malaysia (UTM), Malaysia
