Risk analysis in information systems: a fuzzification of the MAGERIT Methodology

Vicente Cestero, Eloy and Mateos Caballero, Alfonso and Jiménez Martín, Antonio (2014). Risk analysis in information systems: a fuzzification of the MAGERIT Methodology. "Knowledge-Based Systems", v. 66 ; pp. 1-12. ISSN 0950-7051. https://doi.org/10.1016/j.knosys.2014.02.018.

Description

Title: Risk analysis in information systems: a fuzzification of the MAGERIT Methodology
Author/s:
  • Vicente Cestero, Eloy
  • Mateos Caballero, Alfonso
  • Jiménez Martín, Antonio
Item Type: Article
Journal/Publication Title: Knowledge-Based Systems
Date: 2014
ISSN: 0950-7051
Volume: 66
Subjects:
Freetext Keywords: Risk analysis; Information systems; Trapezoidal fuzzy numbers; MAGERIT methodology; Selection of safeguards
Faculty: E.T.S. de Ingenieros Informáticos (UPM)
Department: Inteligencia Artificial
Creative Commons Licenses: Recognition - No derivative works - Non commercial

Abstract

Several methodologies based on the ISO/IEC 27000 international standard have been developed to deal with risk analysis in information systems (IS). These methodologies do not, however, consider imprecise valuations, but use precise values on different, usually percentage, scales. We propose an extension of the MAGERIT methodology based on classical fuzzy computational models. A linguistic term scale is used to represent asset values, their dependencies, and the frequency and asset degradation associated with threats. Computations are based on trapezoidal fuzzy numbers associated with linguistic terms. A similarity function is used to associate a linguistic term on the previously defined scale with the trapezoidal fuzzy numbers resulting from the computations. Finally, regarding the selection of preventive safeguards to reduce risks in IS, we propose a dynamic programming-based method that incorporates simulated annealing to tackle optimization problems with the aim of minimizing costs while keeping the risk at acceptable levels. An example of an administrative unit using in-house and third-party information systems internally and to provide public information services is used to illustrate the methodology.

Funding Projects

Type                        Code            Acronym   Leader                             Title
Madrid Regional Government  S2009/ESP-1685  RIESGOS   Unspecified                        Riesgos, análisis, gestión y aplicaciones
Unspecified                 28983-C03-03    MTM2011   Universidad Politécnica de Madrid  Unspecified

More information

Item ID: 41447
DC Identifier: http://oa.upm.es/41447/
OAI Identifier: oai:oa.upm.es:41447
DOI: 10.1016/j.knosys.2014.02.018
Official URL: http://www.sciencedirect.com/science/article/pii/S0950705114000732
Deposited by: Memoria Investigacion
Deposited on: 10 Jan 2017 11:33
Last Modified: 10 Jan 2017 11:33