
Risk Assessment for SWOP Telemonitoring System Based on Fuzzy Cognitive Maps

  • Conference paper
Multimedia Communications, Services and Security (MCSS 2013)

Abstract

For various IT systems, security is considered to be a key quality factor. In particular, for health care systems security is of utmost importance, as it is related to patients’ health and safety. Risk assessment is an important activity in security management; it aims at identifying assets, threats and vulnerabilities, and at analysing implemented countermeasures and their effectiveness in mitigating risks. This paper discusses a new risk assessment method in which risk calculation is based on the Fuzzy Cognitive Maps (FCMs) approach. FCMs are used to capture dependencies between assets, and FCM-based reasoning is applied to aggregate risks assigned to lower-level assets (e.g. hardware, software modules, communications, people) to such high-level assets as services, maintained data and processes. An application of the method is studied on the example of an e-health system providing remote telemonitoring, data storage and teleconsultation services. Lessons learned indicate that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on the effectiveness of the security system.

This work is supported by the National Centre for Research and Development (NCBiR) under Grant No. NR13-0093-10.




© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Szwed, P., Skrzynski, P., Grodniewicz, P. (2013). Risk Assessment for SWOP Telemonitoring System Based on Fuzzy Cognitive Maps. In: Dziech, A., Czyżewski, A. (eds) Multimedia Communications, Services and Security. MCSS 2013. Communications in Computer and Information Science, vol 368. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38559-9_21


  • DOI: https://doi.org/10.1007/978-3-642-38559-9_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38558-2

  • Online ISBN: 978-3-642-38559-9

  • eBook Packages: Computer Science, Computer Science (R0)
