An information systems security risk assessment model under uncertain environment

Journal Identification = ASOC   Article Identification = 911   Date: July 5, 2011   Time: 1:46 am

Applied Soft Computing 11 (2011) 4332–4340

Contents lists available at ScienceDirect

Applied Soft Computing

journal homepage: www.elsevier.com/locate/asoc

An information systems security risk assessment model under uncertain environment

Nan Feng, Minqiang Li

Department of Information Management and Management Science, School of Management, Tianjin University, 92 Weijin Road, Nankai District, Tianjin 300072, PR China

Article info

Article history:
Received 21 April 2010
Accepted 13 June 2010
Available online 18 June 2010

Keywords:
Information systems security
Risk assessment
Evidence theory
Fuzzy measure
Evidential consistency

Abstract

Given there is a great deal of uncertainty in the process of information systems security (ISS) risk assessment, the handling of uncertainty is of great significance for the effectiveness of risk assessment. In this paper, we propose an ISS risk assessment model based on the improved evidence theory. Firstly, we establish the ISS index system and quantify index weights, based on which the evidential diagram is constructed. To deal with the uncertain evidence found in the ISS risk assessment, this model provides a new way to define the basic belief assignment in fuzzy measure. Moreover, the model also provides a method of testing the evidential consistency, which can reduce the uncertainty derived from the conflicts of evidence. Finally, the model is further demonstrated and validated via a case study, in which sensitivity analysis is employed to validate the reliability of the proposed model.

© 2010 Elsevier B.V. All rights reserved.

Corresponding author. Tel.: +86 22 27404796; fax: +86 22 27404796.
E-mail address: fengnan (M. Li).

1568-4946/$ – see front matter © 2010 Elsevier B.V. All rights reserved.
doi:10.1016/j.asoc.2010.06.005

1. Introduction

Organizations are increasingly relying on information systems (IS) to enhance business operations, facilitate management decision-making, and deploy business strategies. The dependence has increased in current business environments where a variety of transactions involving trading of goods and services are accomplished electronically [1,2]. Increasing organizational dependence on the IS has led to a corresponding increase in the impact of information systems security (ISS) abuses. Therefore, the ISS is a critical issue that has attracted much attention from both IS researchers and practitioners.

In order to prevent security breaches, businesses use controls (and various countermeasures) to safeguard their assets from various patterns of threats by identifying the IS assets that are vulnerable to threats. But, even in the presence of controls, the assets are often not fully protected from threats because of inherent control weaknesses. Thus, the risk assessment is a critical step for the ISS risk management [3].

In practice, the ISS risk assessment is quite complex and full of uncertainty as well [4]. The uncertainty, existing in the process of assessment, has been the primary factor that influences the effectiveness of the ISS risk assessment to a large extent. Therefore, in order to deal with the incompleteness and vagueness of information, the uncertainty must be taken into account in the ISS risk assessment. However, most existing approaches applied to the ISS have some drawbacks on handling uncertainty in the process of assessment. To address these aforementioned issues, we propose an ISS risk assessment model based on the improved evidence theory. In this paper, the model provides a new way to define the basic belief assignment in fuzzy measure for dealing with the uncertain evidence found in the ISS risk assessment. Moreover, we add a process of testing the evidential consistency to the existing evidence theory method. This process can effectively reduce the uncertainty derived from the conflicts of evidence provided by experts.

The rest of this paper is organized as follows: Section 2 reviews the related work. In the next section, the basic concepts of evidence theory are explained. Then, we discuss the process of developing an ISS risk assessment model in detail in Section 4. The model is further demonstrated and validated in Section 5 via a case study. Finally, we summarize our contributions and present our further research.

2. Related work

The existing approaches for the ISS risk assessment can be grouped into three major categories: the quantitative approaches, the qualitative approaches, and the combination of quantitative and qualitative approaches.

The quantitative approaches consider the IS risk exposure as a function of the probability of a threat and the expected loss due to the vulnerability of the organization to this threat [5,6]. The stochastic dominance (SD) approach [7] focuses on answering the specific question of what contingency plan should be used to prevent losses if a disaster occurs. To achieve this goal, the SD compares the costs associated with various backup and recovery options during the entire disaster recovery process in all areas of the organization. However, it fails to provide guidance on how to assess the failure of multiple controls pertaining to a single threat or how to assess the failure and the impact of a single control on multiple threats. The proposed approach in this paper provides a structure to the ISS risk assessment process by decomposing risk into its subcomponents and identifying relevant controls and their interrelationships. The approach based on neural networks [8] consists of five phases: network parameter initialization, input of the training sample and the expected output, network self-learning, forward propagation, and back propagation. If the error function value is smaller than the pre-established value, the network learning is stopped; otherwise it returns to the second phase. While this approach has intelligent features such as self-learning and the acquisition of knowledge, which differ from the conventional methods, it is very difficult to get a large number of training samples for network self-learning in the process of the ISS risk assessment. The modular attack trees [9] approach is specified as parametric constraints, which allow quantifying the probability of security breaches that occur due to internal component vulnerabilities as well as vulnerabilities in the components' deployment environment. Based on the attack probabilities and the structure of the modular attack trees, security risks can be estimated for the information system. But this approach has difficulties capturing the uncertainty in the ISS risk environment, dealing with the existence of the incompleteness and vagueness of information.

In the qualitative approaches, such as the logic analysis [10] and the Delphi method [11], the probability data is not required and only the estimated potential loss is used. Since the qualitative analysis depends to a great extent on the analyst's experience, both the process and the result of the security risk assessment are relatively subjective [12].

As information systems have become more complex in business, neither quantitative nor qualitative approaches can properly model the assessment process alone. Therefore, comprehensive approaches combining both the quantitative and the qualitative approaches are needed [13,14]. The approach using the Bayesian Networks (BNs) [15–17] provides an objective and visible support for risk analysis. It consists of three phases: the BN initialization (define the structure and the set of conditional probability distributions), the risk monitoring, and the risk analysis. Using new evidence obtained from the information system, this approach can continually estimate risk probability and identify the sources of risk. The approach based on the fuzzy comprehensive evaluation (FCE) [18–20] is a mathematical method to comprehensively evaluate the ISS risks using fuzzy set theory of fuzzy mathematics. Although this approach is good at processing ambiguous information by simulating the characteristics of human judgment, it is not capable of providing the graphical relationships among various ISS risk factors using flow charts or diagrams. The proposed approach in this paper consists of the graphical representation of relevant constructs through an evidential diagram, which can fully capture the complexity of multiple controls dealing with one threat and also that of one control dealing with multiple threats. In addition, both the above approaches suffer from the uncertainty derived from the conflict …

… variables such as the IS assets, the related threats, and the corresponding countermeasures. Next, the decision maker can input his or her judgments about the presence or absence of threats and the impact of countermeasures on the corresponding threats according …

