Information Security Mitigation Controls with Fuzzy Linguistic Order  

Oleh:

Nagata, Kiyoshi ; Amagasa, Michihiro

Jenis: Article from Proceeding
Dalam koleksi: The 14th Asia Pacific Industrial Engineering and Management Systems Conference (APIEMS), 3-6 December 2013 Cebu, Philippines, page 1-8.
Topik: Information security; extended fuzzy outranking; mitigation controls; linguistic evaluation
Fulltext: 1095.pdf (362.49KB)

Isi artikel

Information system is one of the most important systems in any type of company, and they are always exposed to several kinds of risks which sometimes cause serious problems in business activities and sometimes charge high cost. There are many information risk evaluation and management systems proposed by researchers or organizations, and some of them include mitigation controls which are proposed to integrate in the system according to the companies’ characteristic, type of possible risks, properties of information asset critical to the company. The risks are evaluated using numerical and linguistic scales before choosing effective controls, and a certain method is applied to give the linkage between the risks and mitigation controls. We have already proposed a system for this purpose when the evaluation values are numerical values. Some researchers have proposed well-known methods to process linguistic values in decision making. In this paper, we propose a new system for the task of finding proper mitigation controls in case that the evaluations are done not only with numerical but also with linguistic values by applying the extended fuzzy outranking method. An illustrative example in an information security evaluation and management system is also given, and consider the effectiveness of mitigation controls output by each method.

Opini Anda

Klik untuk menuliskan opini Anda tentang koleksi ini!

Kembali