A Hybrid Approach for Information Systems Security Risk Assessment under Uncertain Environment

Abstract:

In an electronic business environment, it is critical for an enterprise to assess its information systems security (ISS) risks. In this paper, we propose a hybrid approach to ISS risk assessment. Because ISS risk assessment involves a great deal of uncertainty, the hybrid approach combines evidence theory with fuzzy sets to handle the uncertain evidence encountered during the assessment. The approach provides a new way to define the basic belief assignment from a fuzzy measure. It also provides a method for testing evidential consistency, which reduces the uncertainty that arises from conflicting evidence. Finally, the approach is demonstrated and validated in a case study, in which its effectiveness is evaluated by comparison with other methods.
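The abstract names the three evidence-theory building blocks without showing them: a basic belief assignment (BBA) derived from fuzzy memberships, a combination rule, and a consistency test for conflicting sources. The following is an added, illustrative implementation of the standard versions of these operations (Dempster's rule, the Jousselme distance of reference [13] as the consistency test, and the averaging rule of reference [14] for conflicting sources); it is not the paper's own method. The three-level frame {L, M, H}, the triangular-membership construction of the BBA, the reliability discount and the three source scores are all assumptions made for the example.

```python
"""Evidence-theory (Dempster-Shafer) risk fusion over a three-level frame.

Added, illustrative code: a textbook implementation of Dempster's rule,
the Jousselme distance used as an evidential-consistency test, and
Murphy's averaging rule for conflicting sources. It is not the paper's
method; the frame, the fuzzy-to-mass construction, the reliability
discount and all scores below are assumptions.
"""
from itertools import product
from math import sqrt

# Frame of discernment (assumed): one asset's risk is Low, Medium or High.
THETA = frozenset({"L", "M", "H"})


def tri(x, a, b, c):
    """Triangular membership function with support [a, c] and peak at b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)


def fuzzy_to_bba(score, reliability=0.9):
    """Map a risk score in [0, 10] to a basic belief assignment (BBA).

    Assumed construction: the score's membership degrees in the terms
    L, M, H become singleton masses, discounted by the source's
    reliability; the remainder is ignorance, assigned to the whole frame.
    """
    mu = {"L": tri(score, -5, 0, 5), "M": tri(score, 0, 5, 10), "H": tri(score, 5, 10, 15)}
    total = sum(mu.values())
    bba = {frozenset({k}): reliability * v / total for k, v in mu.items() if v > 0}
    bba[THETA] = 1.0 - reliability
    return bba


def combine(m1, m2):
    """Dempster's rule of combination. Returns (combined BBA, conflict K)."""
    joint, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            joint[inter] = joint.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb  # mass that lands on the empty set
    if conflict >= 1.0 - 1e-12:
        raise ValueError("totally conflicting evidence cannot be combined")
    return {a: v / (1.0 - conflict) for a, v in joint.items()}, conflict


def jousselme_distance(m1, m2):
    """Distance between two BBAs (Jousselme et al. 2001), in [0, 1]."""
    focals = list(set(m1) | set(m2))
    diff = [m1.get(a, 0.0) - m2.get(a, 0.0) for a in focals]
    total = 0.0
    for i, a in enumerate(focals):
        for j, b in enumerate(focals):
            # Jaccard similarity |A & B| / |A | B| weights overlapping focal sets.
            total += diff[i] * diff[j] * len(a & b) / len(a | b)
    return sqrt(0.5 * max(total, 0.0))


def inconsistent_sources(bbas, threshold):
    """Indices of sources whose mean distance to the others exceeds threshold."""
    n = len(bbas)
    flagged = []
    for i in range(n):
        mean_d = sum(jousselme_distance(bbas[i], bbas[j]) for j in range(n) if j != i) / (n - 1)
        if mean_d > threshold:
            flagged.append(i)
    return flagged


def murphy_combine(bbas):
    """Murphy's rule: average the BBAs, then combine the average with itself n-1 times."""
    focals = set().union(*bbas)
    avg = {a: sum(m.get(a, 0.0) for m in bbas) / len(bbas) for a in focals}
    result = avg
    for _ in range(len(bbas) - 1):
        result, _k = combine(result, avg)
    return result


def decide(bba):
    """Pignistic decision: spread each mass evenly over the elements of its set."""
    betp = {x: 0.0 for x in THETA}
    for a, v in bba.items():
        for x in a:
            betp[x] += v / len(a)
    return max(betp, key=betp.get)


if __name__ == "__main__":
    # Constructed scores from three sources: vulnerability scan, audit, incident log.
    sources = [fuzzy_to_bba(8.0), fuzzy_to_bba(9.0), fuzzy_to_bba(1.0)]
    print("inconsistent sources:", inconsistent_sources(sources, 0.5))
    fused = murphy_combine(sources)
    print({"".join(sorted(a)): round(v, 3) for a, v in fused.items()}, "->", decide(fused))
```

The point to notice is the conflict coefficient K returned by `combine`: two sources that roughly agree (scores 8 and 9) still produce K around 0.36 because their singleton masses do not overlap, and a genuinely disagreeing third source (score 1) pushes K above 0.7. Dempster's rule normalises that conflict away, which is exactly the behaviour the consistency test is there to catch; flagging the outlier by its mean Jousselme distance and then using the averaging rule keeps one contradictory source from dominating the fused result.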

Info:

Periodical:

Key Engineering Materials (Volumes 467-469)

Pages:

481-486

Online since:

February 2011

Copyright:

© 2011 Trans Tech Publications Ltd. All Rights Reserved

References:

[1] M. Karyda, E. Kiountouzis and S. Kokolakis: Information systems security policies: A contextual perspective. Computers and Security Vol. 24(3) (2005), pp.246-260.

DOI: 10.1016/j.cose.2004.08.011

[2] R. L. Winkler: Uncertainty in probabilistic risk assessment. Reliability Engineering and System Safety Vol. 54(2-3) (1996), pp.127-132.

DOI: 10.1016/s0951-8320(96)00070-1

[3] L. D. Bodin, L. A. Gordon and M. P. Loeb: Information security and risk management. Communications of the ACM Vol. 51(4) (2008), pp.64-68.

DOI: 10.1145/1330311.1330325

[4] Y. Huanchun: Risk evaluation model on enterprises' complex information system: a study based on the BP neural network. Journal of Software Vol. 5(1) (2010), pp.99-106.

[5] L. Grunske and D. Joyce: Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles. Journal of Systems and Software Vol. 81(8) (2008), pp.1327-1345.

DOI: 10.1016/j.jss.2007.11.716

[6] W. G. de Ru and J. H. P. Eloff: Risk analysis modeling with the use of fuzzy logic. Computers and Security Vol. 15(3) (1996), pp.239-248.

DOI: 10.1016/0167-4048(96)00008-9

[7] D. Xu, J. Sha, P. Zhang and B. Wan: Study of switch project construction risk identification evaluation and tacking based on Delphi method. System Engineering Theory and Practice Vol. 20(12) (2000), pp.113-118.

[8] H. Salmela: Analysing business losses caused by information systems risk: a business process analysis approach. Journal of Information Technology Vol. 23(3) (2008), pp.185-202.

DOI: 10.1057/palgrave.jit.2000122

[9] C. Fan and Y. Yu: BBN-based software project risk management. Journal of Systems and Software Vol. 73(2) (2004), pp.193-203.

DOI: 10.1016/j.jss.2003.12.032

[10] T. R. Peltier: Information Security Risk Analysis (CRC Press, Boca Raton 2007).

[11] X. Yang, H. Luo, C. Fan, M. Chen and S. Zhou: Analysis of risk evaluation techniques on information system security. Journal of Computer Applications Vol. 28(8) (2008), pp.1920-1924.

[12] L. Zhou, A. Vasconcelos and M. Nunes: Supporting decision making in risk management through an evidence-based information systems project risk checklist. Information Management and Computer Security Vol. 16(2) (2008), pp.166-186.

DOI: 10.1108/09685220810879636

[13] A. L. Jousselme, D. Grenier and E. Bosse: A new distance between two bodies of evidence. Information Fusion Vol. 2(1) (2001), pp.91-101.

DOI: 10.1016/s1566-2535(01)00026-4

[14] C. K. Murphy: Combining belief functions when evidence conflicts. Decision Support Systems Vol. 29(1) (2000), pp.1-9.

DOI: 10.1016/s0167-9236(99)00084-6