FEMRA: Fuzzy Expert Model for Risk Assessment

2010 Fifth International Conference on Internet Monitoring and Protection Pub Date : 2010-05-09 DOI:10.1109/ICIMP.2010.15

Alireza Shameli Sendi, Masoume Jabbarifar, M. Shajari, M. Dagenais

{"title":"FEMRA: Fuzzy Expert Model for Risk Assessment","authors":"Alireza Shameli Sendi, Masoume Jabbarifar, M. Shajari, M. Dagenais","doi":"10.1109/ICIMP.2010.15","DOIUrl":null,"url":null,"abstract":"Risk assessment is a major part of the ISMS Process. The Information Security Management System standards specify guidelines and a general framework for risk assessment. In many existing standards, such as NIST and ISO27001, risk assessment is described however, while these standards present some guidelines, there are no details on how to implement it in an organization. In a complex organization, risk assessment is a complicated process and involves a lot of assets. In this paper, we present the FEMRA model, which uses fuzzy expert systems to assess risk in organizations. The risk assessment varies considerably with the context, the metrics used as dependent variables, and the opinions of the persons involved. Fuzzy logic thus represents an excellent model for this application. Organizations can use FEMRA as a tool to improve the ISMS implementation. One of the interesting characteristics of FEMRA is that it can represent each risk with a numerical value. The managers can detect higher risks by comparing these values and develop a good strategy to reduce them","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"30","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Fifth International Conference on Internet Monitoring and Protection","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIMP.2010.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 30

Abstract

Risk assessment is a major part of the ISMS Process. The Information Security Management System standards specify guidelines and a general framework for risk assessment. In many existing standards, such as NIST and ISO27001, risk assessment is described however, while these standards present some guidelines, there are no details on how to implement it in an organization. In a complex organization, risk assessment is a complicated process and involves a lot of assets. In this paper, we present the FEMRA model, which uses fuzzy expert systems to assess risk in organizations. The risk assessment varies considerably with the context, the metrics used as dependent variables, and the opinions of the persons involved. Fuzzy logic thus represents an excellent model for this application. Organizations can use FEMRA as a tool to improve the ISMS implementation. One of the interesting characteristics of FEMRA is that it can represent each risk with a numerical value. The managers can detect higher risks by comparing these values and develop a good strategy to reduce them

查看原文本刊更多论文

风险评估的模糊专家模型

风险评估是ISMS流程的重要组成部分。资讯保安管理系统标准订明风险评估的指引及一般架构。然而，在许多现有的标准中，如NIST和ISO27001，都描述了风险评估，虽然这些标准提供了一些指导方针，但没有详细说明如何在组织中实现风险评估。在一个复杂的组织中，风险评估是一个复杂的过程，涉及到很多资产。本文提出了利用模糊专家系统对企业风险进行评估的FEMRA模型。风险评估随环境、作为因变量使用的度量标准以及相关人员的意见而有很大差异。因此，模糊逻辑为这个应用程序提供了一个很好的模型。组织可以使用FEMRA作为改进ISMS实施的工具。FEMRA的一个有趣的特点是它可以用数值表示每个风险。管理者可以通过比较这些值来发现更高的风险，并制定一个好的策略来降低风险

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 Fifth International Conference on Internet Monitoring and Protection

自引率

0.00%

发文量