A multidimensional approach to information security risk management using FMEA and fuzzy theory |
| |
| Institution: | 1. Lappeenranta University of Technology, School of Industrial Engineering and Management, P.O. Box 20, 53851 Lappeenranta, Finland;2. VIRTUAL VEHICLE Research Center, Inffeldgasse 21A, 8010 Graz, Austria;1. University of Toronto, Mechanical and Industrial Engineering, 5 King''s College Road, Toronto, ON M5S 3G8, Canada;2. University of Toronto, School of Environment, Rm 1016V, 33 Willcocks St., Toronto, ON M5S 3E8, Canada;1. Department of Management Engineering, Universidade Federal de Pernambuco, Av. Prof. Moraes Rego 1235, Recife, Brazil;2. Service de Mathématiques de la Gestion (SMG), Université Libre de Bruxelles, Campus de la Plaine – CP210/01, 1050 Bruxelles, Belgium;1. Faculty of Accountancy, Universiti Teknologi MARA, 40450 Shah Alam, Malaysia;2. Accounting Research Institute, Universiti Teknologi MARA, 40450 Shah Alam, Malaysia |
| |
| Abstract: | Because of the evolution and widespread use of the Internet, organisations are becoming more susceptible to attacks on Information Technology Systems. These attacks result in data losses and alterations, and impact services and business operations. Therefore, to minimise these potential failures, this paper presents an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory. This approach analyses five dimensions of information security: access to information and systems, communication security, infrastructure, security management and secure information systems development. To illustrate the proposed model, it was applied to a University Research Group project. The results show that the most important aspects of information security risk are communication security, followed by infrastructure. |
| |
| Keywords: | Information security Risk management FMEA Fuzzy theory |
| 本文献已被 ScienceDirect 等数据库收录! |
|
