A linguistic model for assessing information system risks
DOI: https://doi.org/10.15587/1729-4061.2015.48239
Keywords: CORAS methodology, asset, risk, fuzzy knowledge bases, linguistic variables
Abstract
Modern trends in the development of information systems require more appropriate ways of providing information security. The most important step in devising complex information protection is to analyze the risks in the target information system.
The study has revealed that the existing methods have several disadvantages, such as the absence of facts testifying to uncertain security threats and probabilistic approaches that do not account for the complexity of processes occurring in the system.
Given these difficulties and shortcomings, the authors suggest that risks be analyzed using the theory of fuzzy sets and linguistic variables. The approach includes the development of fuzzy models that make it possible to assess risks as probable or emerging and to evaluate whether the information system assets are satisfactory.
The suggested approach can help analyze the risks of an information system using natural language that any owner of the assets can understand; it adds experience in security design.
License
Copyright (c) 2015 Владимир Олегович Шапорин, Петр Металинович Тишин, Руслан Олегович Шапорин, Николай Борисович Копытчук
This work is licensed under a Creative Commons Attribution 4.0 International License.