Research on Information Security Risk Assessment Method Based on Fuzzy Rule Set

With the increasing complexity of the network structure and the increasing size of the network, various network security incidents pose an increasing threat to the security of computer systems and the network. Especially, in the network environment, the diversified intrusion methods and application environment make the security of the network more fragile. In order to improve information security, based on fuzzy rule sets, this paper proposes a fuzzy association rule mining algorithm based on fuzzy matrix and applies it to security event correlation. In addition, this paper combines the embedded system to construct an information security risk assessment system and sets the system performance based on the actual situation. Finally, this paper carries out experimental design to verify the performance of the system and analyzes the experimental results by mathematical statistics. From the experimental research, it can be seen that the system constructed in this paper has a certain effect.

From rationale to lessons learned in the cloud information security risk assessment: a study of organizations in Sweden

Purpose This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden. Design/methodology/approach Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices. Findings The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services. Originality/value As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.