Developing an Information Security Risk Taxonomy and an Assessment Model using Fuzzy Petri Nets

2018, Vol 20 (3), pp. 48-69
Author(s): Dhanya Pramod, S. Vijayakumar Bharathi

In the digital era, organization-wide information security risk assessment has gained importance because it can affect businesses in many ways. In this article, the authors propose a model to assess information security risk using Fuzzy Petri Nets (FPN). Deeply rooted in the OCTAVE framework, this research presents a taxonomy of risk practice areas and risk factors. The authors apply the constituents of the taxonomy to risk assessment through a well-defined FPN model. The primary motive of the article is to extend the usability of FPNs to newer and less explored domains such as the audit and evaluation of information security risks. The unique contribution of this article is the definition and development of a comprehensive and measurable model of risk assessment and quantification. The model can also serve as a tool to capture the risk perception of respondents for validating the criticality of risk, and to help top management invest judiciously in the information security control ecosystem.

2014, Vol 496-500, pp. 2170-2173
Author(s): Zhen Lu, Zhen Xiong, Ke Qin Tu

Security management of information systems is one of the important elements of systems engineering management; security risk assessment in particular lies at the core of systems engineering. Risk assessment of an information system helps analyze system safety and identify potential risks. Building a risk model of information safety can provide the necessary guidance for designing and implementing a security strategy. This article studies the assessment model and method of information security risk.


MENDEL, 2017, Vol 23 (1), pp. 119-124
Author(s): Oleg Tymchuk, Maryna Iepik, Artyom Sivyakov

The basis for company IT infrastructure security is the information security risk assessment of IT services. The increased complexity, connectivity and rapid change of IT services make it impossible to apply traditional quantitative or qualitative risk assessment models. Existing quantitative assessment models are time-consuming, while qualitative assessment models do not take into account subjective expert assessments and the uncertainty of risk factors. This paper presents a new information security risk assessment model for IT services based on computing with words. The model methodology is based on the OWASP risk rating methodology for web applications. To evaluate risk factors, it is proposed to use a dictionary consisting of 16/32 granular terms (words). Uncertainty in perceptual assessments of risk factors is taken into account using methods from the theory of discrete interval type-2 fuzzy sets and systems.
