Title :
A fuzzy logic-based information security control assessment for organizations
Author :
Otero, A.R. ; Tejay, G. ; Otero, L.D. ; Ruiz-Torres, A.J.
Author_Institution :
Grad. Sch. of Comput. & Inf. Sci., Nova Southeastern Univ., Fort Lauderdale, FL, USA
Abstract :
For organizations, security of information is eminent as threats of information security incidents that could impact the information continue to increase. Alarming facts within the literature support the current lack of adequate information security practices and prompt for identifying additional methods to help organizations in protecting their sensitive and critical information. Research efforts shows inadequacies within traditional ISC assessment methodologies that do not promote an effective assessment, prioritization, and, therefore, implementation of ISC in organizations. This research-in-progress relates to the development of a tool that can accurately prioritize ISC in organizations. The tool uses fuzzy set theory to allow for a more accurate assessment of imprecise parameters than traditional methodologies. We argue that evaluating information security controls using fuzzy set theory leads to a more detailed and precise assessment and, therefore, supports an effective selection of information security controls in organizations.
Keywords :
fuzzy logic; fuzzy set theory; security of data; ISC assessment methodologies; critical information; fuzzy logic-based information security control assessment; fuzzy set theory; information security incidents; information security practices; organizations; sensitive information; Fuzzy reasoning; Fuzzy sets; Information security; Organizations; Standards organizations; assessment; evaluation; fuzzy logic; fuzzy set theory; information security; information security controls;
Conference_Titel :
Open Systems (ICOS), 2012 IEEE Conference on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4673-1044-4
DOI :
10.1109/ICOS.2012.6417640
