IDEAS home Printed from https://ideas.repec.org/a/eee/ininma/v43y2018icp248-260.html
   My bibliography  Save this article

Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory

Author

Listed:
  • Henriques de Gusmão, Ana Paula
  • Mendonça Silva, Maisa
  • Poleto, Thiago
  • Camara e Silva, Lúcio
  • Cabral Seixas Costa, Ana Paula

Abstract

Cybersecurity, which is defined as information security aimed at averting cyberattacks, which are among the main issues caused by the extensive use of networks in industrial control systems. This paper proposes a model that integrates fault tree analysis, decision theory and fuzzy theory to (i) ascertain the current causes of cyberattack prevention failures and (ii) determine the vulnerability of a given cybersecurity system. The model was applied to evaluate the cybersecurity risks involved in attacking a website, e-commerce and enterprise resource planning (ERP), and to assess the possible consequences of such attacks; we evaluate these consequences, which include data dissemination, data modification, data loss or destruction and service interruption, in terms of criteria related to financial losses and time for restoration. The results of the model application demonstrate its usefulness and illustrate the increased vulnerability of e-commerce to cybersecurity attacks, relative to websites or ERP, due partly to frequent operator access, credit transactions and users’ authentication problems characteristic of e-commerce.

Suggested Citation

  • Henriques de Gusmão, Ana Paula & Mendonça Silva, Maisa & Poleto, Thiago & Camara e Silva, Lúcio & Cabral Seixas Costa, Ana Paula, 2018. "Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 43(C), pages 248-260.
  • Handle: RePEc:eee:ininma:v:43:y:2018:i:c:p:248-260
    DOI: 10.1016/j.ijinfomgt.2018.08.008
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S026840121830077X
    Download Restriction: Full text for ScienceDirect subscribers only

    File URL: https://libkey.io/10.1016/j.ijinfomgt.2018.08.008?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. R. E. Bellman & L. A. Zadeh, 1970. "Decision-Making in a Fuzzy Environment," Management Science, INFORMS, vol. 17(4), pages 141-164, December.
    2. Grant, Kevin & Edgar, David & Sukumar, Arun & Meyer, Martin, 2014. "‘Risky business’: Perceptions of e-business risk by UK small and medium sized enterprises (SMEs)," International Journal of Information Management, Elsevier, vol. 34(2), pages 99-122.
    3. Ali, Ali & Warren, Derrick & Mathiassen, Lars, 2017. "Cloud-based business services innovation: A risk management model," International Journal of Information Management, Elsevier, vol. 37(6), pages 639-649.
    4. Shin, Jinsoo & Son, Hanseong & Khalil ur, Rahman & Heo, Gyunyoung, 2015. "Development of a cyber security risk model using Bayesian networks," Reliability Engineering and System Safety, Elsevier, vol. 134(C), pages 208-217.
    5. Maisa Mendonça Silva & Thiago Poleto & Lúcio Camara e Silva & Ana Paula Henriques de Gusmao & Ana Paula Cabral Seixas Costa, 2016. "A Grey Theory Based Approach to Big Data Risk Management Using FMEA," Mathematical Problems in Engineering, Hindawi, vol. 2016, pages 1-15, August.
    6. de Gusmão, Ana Paula Henriques & e Silva, Lúcio Camara & Silva, Maisa Mendonça & Poleto, Thiago & Costa, Ana Paula Cabral Seixas, 2016. "Information security risk analysis model using fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 36(1), pages 25-34.
    7. Adiel Teixeira de Almeida & Cristiano Alexandre Virgínio Cavalcante & Marcelo Hazin Alencar & Rodrigo José Pires Ferreira & Adiel Teixeira de Almeida-Filho & Thalles Vitelli Garcez, 2015. "Multicriteria and Multiobjective Models for Risk, Reliability and Maintenance Decision Analysis," International Series in Operations Research and Management Science, Springer, edition 127, number 978-3-319-17969-8, December.
    8. Bang, Youngsok & Lee, Dong-Joo & Bae, Yoon-Soo & Ahn, Jae-Hyeon, 2012. "Improving information security management: An analysis of ID–password usage and a new login vulnerability measure," International Journal of Information Management, Elsevier, vol. 32(5), pages 409-418.
    9. Huang, Yu-Lun & Cárdenas, Alvaro A. & Amin, Saurabh & Lin, Zong-Syun & Tsai, Hsin-Yi & Sastry, Shankar, 2009. "Understanding the physical and economic consequences of attacks on control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(3), pages 73-83.
    10. Cooke, Roger M. & ElSaadany, Susie & Huang, Xinzheng, 2008. "On the performance of social network and likelihood-based expert weighting schemes," Reliability Engineering and System Safety, Elsevier, vol. 93(5), pages 745-756.
    11. Emanuele Borgonovo & Alessandra Cillo & Curtis L. Smith, 2018. "On the Relationship between Safety and Decision Significance," Risk Analysis, John Wiley & Sons, vol. 38(8), pages 1541-1558, August.
    12. Burmester, Mike & Magkos, Emmanouil & Chrissikopoulos, Vassilis, 2012. "Modeling security in cyber–physical systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 5(3), pages 118-126.
    13. Medeiros, C.P. & Alencar, M.H. & de Almeida, A.T., 2017. "Multidimensional risk evaluation of natural gas pipelines based on a multicriteria decision model using visualization tools and statistical tests for global sensitivity analysis," Reliability Engineering and System Safety, Elsevier, vol. 165(C), pages 268-276.
    14. Ratten, Vanessa, 2016. "Continuance use intention of cloud computing: Innovativeness and creativity perspectives," Journal of Business Research, Elsevier, vol. 69(5), pages 1737-1740.
    15. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    16. Amine Rahmani & Abdelmalek Amine & Reda Mohamed Hamou & Mohamed Amine Boudia & Hadj Ahmed Bouarara, 2016. "De-Identification of Unstructured Textual Data using Artificial Immune System for Privacy Preserving," International Journal of Decision Support System Technology (IJDSST), IGI Global, vol. 8(4), pages 34-49, October.
    17. Patel, Sandip C. & Graham, James H. & Ralston, Patricia A.S., 2008. "Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements," International Journal of Information Management, Elsevier, vol. 28(6), pages 483-491.
    18. Silva, Maisa Mendonça & de Gusmão, Ana Paula Henriques & Poleto, Thiago & Silva, Lúcio Camara e & Costa, Ana Paula Cabral Seixas, 2014. "A multidimensional approach to information security risk management using FMEA and fuzzy theory," International Journal of Information Management, Elsevier, vol. 34(6), pages 733-740.
    19. Abdul Rahman, Fariz & Varuttamaseni, Athi & Kintner-Meyer, Michael & Lee, John C., 2013. "Application of fault tree analysis for customer reliability assessment of a distribution power system," Reliability Engineering and System Safety, Elsevier, vol. 111(C), pages 76-85.
    20. Lopez-Nicolas, Carolina & Molina-Castillo, Francisco José, 2008. "Customer Knowledge Management and E-commerce: The role of customer perceived risk," International Journal of Information Management, Elsevier, vol. 28(2), pages 102-113.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Mohammad Taghi Taghavifard & Setareh Majidian, 2022. "Identifying Cloud Computing Risks based on Firm’s Ambidexterity Performance using Fuzzy VIKOR Technique," Global Journal of Flexible Systems Management, Springer;Global Institute of Flexible Systems Management, vol. 23(1), pages 113-133, March.
    2. Rodrigues, Ana Rita D. & Ferreira, Fernando A.F. & Teixeira, Fernando J.C.S.N. & Zopounidis, Constantin, 2022. "Artificial intelligence, digital transformation and cybersecurity in the banking sector: A multi-stakeholder cognition-driven framework," Research in International Business and Finance, Elsevier, vol. 60(C).
    3. Hooks, D. & Davis, Z. & Agrawal, V. & Li, Z., 2022. "Exploring factors influencing technology adoption rate at the macro level: A predictive model," Technology in Society, Elsevier, vol. 68(C).
    4. Alanen, Jarmo & Linnosmaa, Joonas & Malm, Timo & Papakonstantinou, Nikolaos & Ahonen, Toni & Heikkilä, Eetu & Tiusanen, Risto, 2022. "Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 220(C).
    5. Ben Krishna & Satish Krishnan & M. P. Sebastian, 2023. "Examining the Relationship between National Cybersecurity Commitment, Culture, and Digital Payment Usage: An Institutional Trust Theory Perspective," Information Systems Frontiers, Springer, vol. 25(5), pages 1713-1741, October.
    6. Liseth Contreras Hernandez & Hanser S. Jiménez G. & Priscilla P. L. Dantas & Cristiano A. V. Cavalcante, 2022. "Using multi-criteria decision making for selecting picking strategies," Operational Research, Springer, vol. 22(4), pages 3265-3290, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. de Gusmão, Ana Paula Henriques & e Silva, Lúcio Camara & Silva, Maisa Mendonça & Poleto, Thiago & Costa, Ana Paula Cabral Seixas, 2016. "Information security risk analysis model using fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 36(1), pages 25-34.
    2. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    3. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    4. Thalles Vitelli Garcez & Helder Tenório Cavalcanti & Adiel Teixeira de Almeida, 2021. "A hybrid decision support model using Grey Relational Analysis and the Additive-Veto Model for solving multicriteria decision-making problems: an approach to supplier selection," Annals of Operations Research, Springer, vol. 304(1), pages 199-231, September.
    5. Mohammad Taghi Taghavifard & Setareh Majidian, 2022. "Identifying Cloud Computing Risks based on Firm’s Ambidexterity Performance using Fuzzy VIKOR Technique," Global Journal of Flexible Systems Management, Springer;Global Institute of Flexible Systems Management, vol. 23(1), pages 113-133, March.
    6. Pavía, Jose M. & Veres-Ferrer, Ernesto J. & Foix-Escura, Gabriel, 2012. "Credit card incidents and control systems," International Journal of Information Management, Elsevier, vol. 32(6), pages 501-503.
    7. Silva, Maisa Mendonça & de Gusmão, Ana Paula Henriques & Poleto, Thiago & Silva, Lúcio Camara e & Costa, Ana Paula Cabral Seixas, 2014. "A multidimensional approach to information security risk management using FMEA and fuzzy theory," International Journal of Information Management, Elsevier, vol. 34(6), pages 733-740.
    8. Medeiros, Cristina Pereira & da Silva, Lucas Borges Leal & Alencar, Marcelo Hazin & de Almeida, Adiel Teixeira, 2021. "A new method for managing multidimensional risks in Natural Gas Pipelines based on non-Expected Utility," Reliability Engineering and System Safety, Elsevier, vol. 214(C).
    9. Vuciterna, Rina & Thomsen, Michael & Popp, Jennie & Musliu, Arben, 2017. "Efficiency and Competitiveness of Kosovo Raspberry Producers," 2017 Annual Meeting, February 4-7, 2017, Mobile, Alabama 252770, Southern Agricultural Economics Association.
    10. Gourav Gupta & Shivani & Deepika Rani, 2024. "Neutrosophic goal programming approach for multi-objective fixed-charge transportation problem with neutrosophic parameters," OPSEARCH, Springer;Operational Research Society of India, vol. 61(3), pages 1274-1300, September.
    11. Berna Tektas Sivrikaya & Ferhan Cebi & Hasan Hüseyin Turan & Nihat Kasap & Dursun Delen, 2017. "A fuzzy long-term investment planning model for a GenCo in a hybrid electricity market considering climate change impacts," Information Systems Frontiers, Springer, vol. 19(5), pages 975-991, October.
    12. Wu, Shaomin & Wu, Di & Peng, Rui, 2023. "Considering greenhouse gas emissions in maintenance optimisation," European Journal of Operational Research, Elsevier, vol. 307(3), pages 1135-1145.
    13. Collan, Mikael, 2008. "New Method for Real Option Valuation Using Fuzzy Numbers," Working Papers 466, IAMSR, Åbo Akademi.
    14. Kim, Jong Soon & Whang, Kyu-Seung, 1998. "A tolerance approach to the fuzzy goal programming problems with unbalanced triangular membership function," European Journal of Operational Research, Elsevier, vol. 107(3), pages 614-624, June.
    15. Berna Tektaş & Hasan Hüseyin Turan & Nihat Kasap & Ferhan Çebi & Dursun Delen, 2022. "A Fuzzy Prescriptive Analytics Approach to Power Generation Capacity Planning," Energies, MDPI, vol. 15(9), pages 1-26, April.
    16. Chen, Lisa Y. & Wang, Tien-Chin, 2009. "Optimizing partners' choice in IS/IT outsourcing projects: The strategic decision of fuzzy VIKOR," International Journal of Production Economics, Elsevier, vol. 120(1), pages 233-242, July.
    17. Víctor G. Alfaro-García & Anna M. Gil-Lafuente & Gerardo G. Alfaro Calderón, 2017. "A fuzzy approach to a municipality grouping model towards creation of synergies," Computational and Mathematical Organization Theory, Springer, vol. 23(3), pages 391-408, September.
    18. Aghayi, Nazila & Maleki, Bentolhoda, 2016. "Efficiency measurement of DMUs with undesirable outputs under uncertainty based on the directional distance function: Application on bank industry," Energy, Elsevier, vol. 112(C), pages 376-387.
    19. Wenyao Niu & Yuan Rong & Liying Yu & Lu Huang, 2022. "A Novel Hybrid Group Decision Making Approach Based on EDAS and Regret Theory under a Fermatean Cubic Fuzzy Environment," Mathematics, MDPI, vol. 10(17), pages 1-30, August.
    20. de Andres-Sanchez, Jorge, 2007. "Claim reserving with fuzzy regression and Taylor's geometric separation method," Insurance: Mathematics and Economics, Elsevier, vol. 40(1), pages 145-163, January.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ininma:v:43:y:2018:i:c:p:248-260. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-information-management .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.