
Using the Fuzzy FMEA Method Risk Analysis in Information Security

Author

  • Merve Yildiz YESILCIMEN
  • Ozlem Muge TESTIK

Abstract

The rapid development of the Internet and information technologies increases the dependence of organizations on information systems in their business processes, making them more vulnerable to information technology threats. In light of these circumstances, it is imperative for organisations to proactively manage information security risks and ensure business continuity by maintaining a reliable and trustworthy corporate image. In order to identify and prevent risks in information security, this paper presents the Failure Mode and Effect Analysis (FMEA) method with a fuzzy approach. Fuzzy FMEA is preferred as a more practical and flexible risk assessment method than classical FMEA. The aim of the study is to identify the risks that may arise in the confidentiality, integrity and accessibility elements of information security in portable media and devices in an organization and to provide solutions to prevent or mitigate these risks. The study was conducted with a team of 7 experts in the field of information security. While determining the failure modes, the precautionary items under the heading 'Portable Device and Media Security' in the Information and Communication Security Guide prepared by the Digital Transformation Office of the Presidency of the Republic of Turkey were utilized and 21 failure modes were determined. The probability, severity and detectability parameters of the error modes were evaluated by experts on 10 different linguistic scales. In order to eliminate outliers, calculations were made on the median. Classical and Fuzzy FMEA were compared and it was concluded that there is a strong agreement between the two methods, but Fuzzy FMEA is more flexible and practical.

Suggested Citation

  • Merve Yildiz YESILCIMEN & Ozlem Muge TESTIK, 2024. "Using the Fuzzy FMEA Method Risk Analysis in Information Security," Journal of BRSA Banking and Financial Markets, Banking Regulation and Supervision Agency, vol. 18(2), pages 170-185.
  • Handle: RePEc:bdd:journl:v:18:y:2024:i:2:p:170-185

    Download full text from publisher

    File URL: https://www.bddk.org.tr/Content/docs/bddkDergiTr/dergi_0036_05.pdf
    Download Restriction: no

    More about this item

    Keywords

    Information Security; Risk Analysis; FMEA; Fuzzy FMEA

    JEL classification:

    • M15 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - IT Management
    • D81 - Microeconomics - - Information, Knowledge, and Uncertainty - - - Criteria for Decision-Making under Risk and Uncertainty
    • C44 - Mathematical and Quantitative Methods - - Econometric and Statistical Methods: Special Topics - - - Operations Research; Statistical Decision Theory
