Information security risk analysis model using fuzzy decision theory

Authors:

Highlights:

• A risk analysis model for information security was proposed.

• The model is based on fuzzy decision theory.

• A taxonomy of events and scenarios using ETA methodology was developed.

• Alternatives can be ranked based on the criticality of the risk.

• The model provides information regarding the criticality causes of attacks.

• Results show that deliberate external database attack is the most risky alternative.


Keywords: Information security, Risk analysis, Fuzzy decision theory

Review history: Received 29 July 2015, Revised 6 September 2015, Accepted 12 September 2015, Available online 26 October 2015, Version of Record 26 October 2015.

Paper URL: https://doi.org/10.1016/j.ijinfomgt.2015.09.003