Developing an Information Security Risk Taxonomy and an Assessment Model using Fuzzy Petri Nets

Dhanya Pramod (Symbiosis Centre for Information Technology (SCIT), Symbiosis International (Deemed University), Pune, India) and S. Vijayakumar Bharathi (Symbiosis Centre for Information Technology (SCIT), Symbiosis International (Deemed University), Pune, India)
Copyright: © 2018 | Pages: 22
DOI: 10.4018/JCIT.2018070104

Abstract

In the digital era, organization-wide information security risk assessment has gained importance because it can impact businesses in many ways. In this article, the authors propose a model to assess information security risk using Fuzzy Petri Nets (FPN). Deeply rooted in the OCTAVE framework, this research presents a taxonomy of risk practice areas and risk factors. The authors apply the constituents of the taxonomy to risk assessment through a well-defined FPN model. The primary motive of the article is to extend the usability of FPNs to newer and less explored domains such as the audit and evaluation of information security risks. The unique contribution of this article is the definition and development of a comprehensive and measurable model of risk assessment and quantification. The model can also serve as a tool to capture the risk perception of respondents for validating the criticality of risk, and to help top management invest judiciously in the information security control ecosystem.

2. Literature Review

This section contains two broad parts. Section 2.1 covers the existing literature relating to information security risks and presents a taxonomy of risk and risk factors in the assessment model. Section 2.2 discusses the current applications of FPN and also argues for the use of FPN as a risk assessment model among other risk assessment models for information security (Macedo and Da Silva, 2012).
