Title :
Risk analysis in information systems: A Fuzzy approach
Author :
Vicente, E. ; Mateos, Alfonso ; Jimenez, Alvaro
Author_Institution :
Grupo de Analisis de Decisiones y Estadistica., Univ. Politec. de Madrid, Madrid, Spain
Abstract :
Assets are interrelated in risk analysis methodologies for information systems promoted by international standards. This means that an attack on one asset can be propagated through the network and threaten an organization´s most valuable assets. It is necessary to valuate all assets, the direct and indirect asset dependencies, as well as the probability of threats and the resulting asset degradation. However, the experts in charge to assign such values often provide only vague and uncertain information. Fuzzy logic can be very helpful in such situation, but it is not free of some difficulties, such as the need of a proper arithmetic to the model under consideration or the establishment of appropriate similarity measures. Throughout this paper we propose a fuzzy treatment for risk analysis models promoted by international methodologies through the establishment of such elements.
Keywords :
fuzzy logic; information systems; risk analysis; security of data; standards; direct asset dependencies; fuzzy logic; fuzzy treatment; indirect asset dependencies; information systems; international methodologies; international standards; risk analysis methodologies; threat probability; uncertain information; Abstracts; Information systems; Nickel; Risk analysis; Silicon; Silicon compounds; Tiles; análisis de riesgos; números difusos trapezoidales; sistemas de información;
Conference_Titel :
Information Systems and Technologies (CISTI), 2013 8th Iberian Conference on
Conference_Location :
Lisboa
