Fuzzy Based Threat Analysis in Total Hospital Information System
This research attempts to develop a fuzzy-based threat analysis model in which linguistic variables, fuzzy numbers and the fuzzy weighted average are applied to deal with the uncertainty in evaluating potential threats in a Total Hospital Information System (THIS) environment. In the fuzzification process, the Triangular Average Number technique, using two sets of membership functions, was applied to evaluate the “likelihood” and “consequence” of THIS threat variables upon a particular THIS asset. Then, each security threat level was aggregated using the Efficient Fuzzy Weighted Average (EFWA) algorithm. Finally, the Best Fit Technique is used in the defuzzification process to translate a single fuzzy value into linguistic terms that indicate the overall security threat level impact on the THIS asset. To confirm the effectiveness of the adopted model, a prototype was developed and verified using the scenario method. The findings show that this model is capable of performing threat analysis with incomplete and uncertain information in the THIS environment.
Keywords: Total Hospital Information System (THIS); Risk Analysis; Threats; Information Security; Fuzzy logic
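The pipeline the abstract describes (triangular fuzzification, fuzzy weighted average, defuzzification to a linguistic term) can be sketched as follows; this is an added example, not the paper's prototype. It finds the fuzzy weighted average bounds by brute-force enumeration rather than EFWA's efficient search, and a nearest-term distance on the triangle vertices stands in for the Best Fit Technique. The term scales, the sample threats, and the choice of likelihood as weight and consequence as rating are assumptions.

```python
# Added illustration. Term scales are constructed, not taken from the paper.
# Triangular fuzzy numbers are (low, peak, high); likelihood weights are kept > 0.
LIKELIHOOD = {"unlikely": (0.1, 0.1, 0.5), "possible": (0.1, 0.5, 0.9), "likely": (0.5, 0.9, 0.9)}
CONSEQUENCE = {"minor": (0.0, 0.0, 0.5), "moderate": (0.0, 0.5, 1.0), "major": (0.5, 1.0, 1.0)}
LEVELS = {"low": (0.0, 0.0, 0.5), "medium": (0.0, 0.5, 1.0), "high": (0.5, 1.0, 1.0)}

def alpha_cut(tri, alpha):
    """Interval of values whose membership in the triangle is >= alpha."""
    low, peak, high = tri
    return (low + alpha * (peak - low), high - alpha * (high - peak))

def fwa_bound(values, weight_cuts, lower):
    """Exact min (lower=True) or max of sum(w*x)/sum(w), each w inside its interval.

    The optimum puts extreme weights on either side of a split point in the
    sorted values; every split is tried here (EFWA finds it without a full scan).
    """
    order = sorted(range(len(values)), key=lambda i: values[i])
    candidates = []
    for k in range(len(order) + 1):
        num = den = 0.0
        for pos, i in enumerate(order):
            w_lo, w_hi = weight_cuts[i]
            # Minimum: heaviest weight on the smallest values. Maximum: the reverse.
            w = (w_hi if lower else w_lo) if pos < k else (w_lo if lower else w_hi)
            num += w * values[i]
            den += w
        candidates.append(num / den)
    return min(candidates) if lower else max(candidates)

def threat_level(assessments):
    """assessments: (likelihood_term, consequence_term) pairs for one asset."""
    cuts = []
    for alpha in (0.0, 1.0):  # support and peak of the aggregated fuzzy number
        w = [alpha_cut(LIKELIHOOD[l], alpha) for l, _ in assessments]
        x = [alpha_cut(CONSEQUENCE[c], alpha) for _, c in assessments]
        cuts.append((fwa_bound([lo for lo, _ in x], w, True),
                     fwa_bound([hi for _, hi in x], w, False)))
    (low, high), (peak, _) = cuts
    fuzzy = (low, peak, high)
    # Simplified defuzzification: nearest linguistic term by squared vertex distance.
    best = min(LEVELS, key=lambda t: sum((a - b) ** 2 for a, b in zip(fuzzy, LEVELS[t])))
    return fuzzy, best

if __name__ == "__main__":
    # Constructed ratings for three threats against one asset.
    sample = [("likely", "major"), ("possible", "moderate"), ("unlikely", "minor")]
    print(threat_level(sample))
```

The wide support of the aggregated number in the sample run is what pulls the label toward the middle term: uncertain likelihood ratings widen the result rather than being hidden in a single score.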