
A multidimensional approach to information security risk management using FMEA and fuzzy theory

Author

Listed:
  • Silva, Maisa Mendonça
  • de Gusmão, Ana Paula Henriques
  • Poleto, Thiago
  • Silva, Lúcio Camara e
  • Costa, Ana Paula Cabral Seixas

Abstract

Because of the evolution and widespread use of the Internet, organisations are becoming more susceptible to attacks on Information Technology Systems. These attacks result in data losses and alterations, and impact services and business operations. Therefore, to minimise these potential failures, this paper presents an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory. This approach analyses five dimensions of information security: access to information and systems, communication security, infrastructure, security management and secure information systems development. To illustrate the proposed model, it was applied to a University Research Group project. The results show that the most important aspects of information security risk are communication security, followed by infrastructure.

Suggested Citation

  • Silva, Maisa Mendonça & de Gusmão, Ana Paula Henriques & Poleto, Thiago & Silva, Lúcio Camara e & Costa, Ana Paula Cabral Seixas, 2014. "A multidimensional approach to information security risk management using FMEA and fuzzy theory," International Journal of Information Management, Elsevier, vol. 34(6), pages 733-740.
  • Handle: RePEc:eee:ininma:v:34:y:2014:i:6:p:733-740
    DOI: 10.1016/j.ijinfomgt.2014.07.005

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0268401214000735
    Download Restriction: Full text for ScienceDirect subscribers only



    Citations



    Cited by:

    1. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    2. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    3. Henriques de Gusmão, Ana Paula & Mendonça Silva, Maisa & Poleto, Thiago & Camara e Silva, Lúcio & Cabral Seixas Costa, Ana Paula, 2018. "Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 43(C), pages 248-260.
    4. de Gusmão, Ana Paula Henriques & e Silva, Lúcio Camara & Silva, Maisa Mendonça & Poleto, Thiago & Costa, Ana Paula Cabral Seixas, 2016. "Information security risk analysis model using fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 36(1), pages 25-34.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    2. Henriques de Gusmão, Ana Paula & Mendonça Silva, Maisa & Poleto, Thiago & Camara e Silva, Lúcio & Cabral Seixas Costa, Ana Paula, 2018. "Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 43(C), pages 248-260.
    3. Vuciterna, Rina & Thomsen, Michael & Popp, Jennie & Musliu, Arben, 2017. "Efficiency and Competitiveness of Kosovo Raspberry Producers," 2017 Annual Meeting, February 4-7, 2017, Mobile, Alabama 252770, Southern Agricultural Economics Association.
    4. Gourav Gupta & Shivani & Deepika Rani, 2024. "Neutrosophic goal programming approach for multi-objective fixed-charge transportation problem with neutrosophic parameters," OPSEARCH, Springer;Operational Research Society of India, vol. 61(3), pages 1274-1300, September.
    5. Berna Tektas Sivrikaya & Ferhan Cebi & Hasan Hüseyin Turan & Nihat Kasap & Dursun Delen, 2017. "A fuzzy long-term investment planning model for a GenCo in a hybrid electricity market considering climate change impacts," Information Systems Frontiers, Springer, vol. 19(5), pages 975-991, October.
    6. Collan, Mikael, 2008. "New Method for Real Option Valuation Using Fuzzy Numbers," Working Papers 466, IAMSR, Åbo Akademi.
    7. Kim, Jong Soon & Whang, Kyu-Seung, 1998. "A tolerance approach to the fuzzy goal programming problems with unbalanced triangular membership function," European Journal of Operational Research, Elsevier, vol. 107(3), pages 614-624, June.
    8. Berna Tektaş & Hasan Hüseyin Turan & Nihat Kasap & Ferhan Çebi & Dursun Delen, 2022. "A Fuzzy Prescriptive Analytics Approach to Power Generation Capacity Planning," Energies, MDPI, vol. 15(9), pages 1-26, April.
    9. Chen, Lisa Y. & Wang, Tien-Chin, 2009. "Optimizing partners' choice in IS/IT outsourcing projects: The strategic decision of fuzzy VIKOR," International Journal of Production Economics, Elsevier, vol. 120(1), pages 233-242, July.
    10. Víctor G. Alfaro-García & Anna M. Gil-Lafuente & Gerardo G. Alfaro Calderón, 2017. "A fuzzy approach to a municipality grouping model towards creation of synergies," Computational and Mathematical Organization Theory, Springer, vol. 23(3), pages 391-408, September.
    11. Aghayi, Nazila & Maleki, Bentolhoda, 2016. "Efficiency measurement of DMUs with undesirable outputs under uncertainty based on the directional distance function: Application on bank industry," Energy, Elsevier, vol. 112(C), pages 376-387.
    12. Wenyao Niu & Yuan Rong & Liying Yu & Lu Huang, 2022. "A Novel Hybrid Group Decision Making Approach Based on EDAS and Regret Theory under a Fermatean Cubic Fuzzy Environment," Mathematics, MDPI, vol. 10(17), pages 1-30, August.
    13. de Andres-Sanchez, Jorge, 2007. "Claim reserving with fuzzy regression and Taylor's geometric separation method," Insurance: Mathematics and Economics, Elsevier, vol. 40(1), pages 145-163, January.
    14. Mikhailov, L., 2004. "A fuzzy approach to deriving priorities from interval pairwise comparison judgements," European Journal of Operational Research, Elsevier, vol. 159(3), pages 687-704, December.
    15. Hongyi Sun & Bingqian Zhang & Wenbin Ni, 2022. "A Hybrid Model Based on SEM and Fuzzy TOPSIS for Supplier Selection," Mathematics, MDPI, vol. 10(19), pages 1-19, September.
    16. Liu, Yong-Jun & Zhang, Wei-Guo, 2015. "A multi-period fuzzy portfolio optimization model with minimum transaction lots," European Journal of Operational Research, Elsevier, vol. 242(3), pages 933-941.
    17. Sakawa, Masatoshi & Kato, Kosuke, 1998. "An interactive fuzzy satisficing method for structured multiobjective linear fractional programs with fuzzy numbers," European Journal of Operational Research, Elsevier, vol. 107(3), pages 575-589, June.
    18. Sajid Ali & Sang-Moon Lee & Choon-Man Jang, 2017. "Determination of the Most Optimal On-Shore Wind Farm Site Location Using a GIS-MCDM Methodology: Evaluating the Case of South Korea," Energies, MDPI, vol. 10(12), pages 1-22, December.
    19. David Opresnik & Maurizio Fiasché & Marco Taisch & Manuel Hirsch, 0. "An evolving fuzzy inference system for extraction of rule set for planning a product–service strategy," Information Technology and Management, Springer, vol. 0, pages 1-17.
    20. Bogdana Stanojević & Milan Stanojević & Sorin Nădăban, 2021. "Reinstatement of the Extension Principle in Approaching Mathematical Programming with Fuzzy Numbers," Mathematics, MDPI, vol. 9(11), pages 1-16, June.
