Risk analysis in information systems: a fuzzification of the MAGERIT Methodology

Vicente Cestero, Eloy; Mateos Caballero, Alfonso and Jiménez Martín, Antonio (2014). Risk analysis in information systems: a fuzzification of the MAGERIT Methodology. "Knowledge-Based Systems", v. 66; pp. 1-12. ISSN 0950-7051. https://doi.org/10.1016/j.knosys.2014.02.018.

Description

Title: Risk analysis in information systems: a fuzzification of the MAGERIT Methodology
Author(s):
  • Vicente Cestero, Eloy
  • Mateos Caballero, Alfonso
  • Jiménez Martín, Antonio
Document Type: Article
Journal/Publication Title: Knowledge-Based Systems
Date: 2014
Volume: 66
Subjects:
Informal Keywords: Risk analysis; Information systems; Trapezoidal fuzzy numbers; MAGERIT methodology; Selection of safeguards
School: E.T.S. de Ingenieros Informáticos (UPM)
Department: Artificial Intelligence
Creative Commons Licenses: Attribution - No Derivative Works - Non-Commercial


Abstract

Several methodologies based on the ISO/IEC 27000 international standard have been developed to deal with risk analysis in information systems (IS). These methodologies do not, however, consider imprecise valuations, but use precise values on different, usually percentage, scales. We propose an extension of the MAGERIT methodology based on classical fuzzy computational models. A linguistic term scale is used to represent asset values, their dependencies, and the frequency and asset degradation associated with threats. Computations are based on trapezoidal fuzzy numbers associated with linguistic terms. A similarity function is used to associate a linguistic term on the previously defined scale with the trapezoidal fuzzy numbers resulting from computations. Finally, regarding the selection of preventive safeguards to reduce risks in IS, we propose a dynamic programming-based method that incorporates simulated annealing to tackle optimization problems with the aim of minimizing costs while keeping the risk at acceptable levels. An example of an administrative unit using in-house and third-party information systems internally and to provide public information services is used to illustrate the methodology.

Associated projects

Type | Code | Acronym | Lead | Title
Comunidad de Madrid | S2009/ESP-1685 | RIESGOS | Unspecified | Riesgos, análisis, gestión y aplicaciones
Unspecified | 28983-C03-03 | MTM2011 | Universidad Politécnica de Madrid | Unspecified

More information

Record ID: 41447
DC Identifier: http://oa.upm.es/41447/
OAI Identifier: oai:oa.upm.es:41447
DOI Identifier [BETA]: 10.1016/j.knosys.2014.02.018
Official URL: http://www.sciencedirect.com/science/article/pii/S0950705114000732
Deposited by: Memoria Investigacion
Deposited on: 10 Jan 2017 11:33
Last Modified: 10 Jan 2017 11:33