Risk analysis in information systems: A Fuzzy approach

Author

Vicente, E. ; Mateos, Alfonso ; Jimenez, Alvaro

Author_Institution

Grupo de Analisis de Decisiones y Estadistica., Univ. Politec. de Madrid, Madrid, Spain

fYear

2013

fDate

19-22 June 2013

Firstpage

1

Lastpage

7

Abstract

Assets are interrelated in risk analysis methodologies for information systems promoted by international standards. This means that an attack on one asset can be propagated through the network and threaten an organization´s most valuable assets. It is necessary to valuate all assets, the direct and indirect asset dependencies, as well as the probability of threats and the resulting asset degradation. However, the experts in charge to assign such values often provide only vague and uncertain information. Fuzzy logic can be very helpful in such situation, but it is not free of some difficulties, such as the need of a proper arithmetic to the model under consideration or the establishment of appropriate similarity measures. Throughout this paper we propose a fuzzy treatment for risk analysis models promoted by international methodologies through the establishment of such elements.

Keywords

fuzzy logic; information systems; risk analysis; security of data; standards; direct asset dependencies; fuzzy logic; fuzzy treatment; indirect asset dependencies; information systems; international methodologies; international standards; risk analysis methodologies; threat probability; uncertain information; Abstracts; Information systems; Nickel; Risk analysis; Silicon; Silicon compounds; Tiles; análisis de riesgos; números difusos trapezoidales; sistemas de información;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Systems and Technologies (CISTI), 2013 8th Iberian Conference on

Conference_Location

Lisboa

Type

conf

Filename

6615747