A Fuzzy Multi-Criteria Decision-Making Method for Managing Network Security Risk Perspective

A Fuzzy Multi-Criteria Decision-Making Method for Managing Network Security Risk Perspective

Suhel Ahmad Khan (Indira Gandhi National Tribal University, Amarkantak, India), Waris Khan (Babasaheb Bhimrao Ambedkar University, Lucknow, India) and Dhirendra Pandey (Babasaheb Bhimrao Ambedkar University, Lucknow, India)
Copyright: © 2021 |Pages: 26
DOI: 10.4018/978-1-7998-2764-1.ch006

Abstract

Security threats evaluation accepts a pivotal part in network security management. In this chapter, the author has depicted the significant measures and parameters with respect to huge industry/organizational prerequisites for building up a secure network. The existing fuzzy model is a combination of fuzzy techniques and expert's opinions. The work aims to manage network security risks during D2D data communication through the network to optimize security assurance. The idea is to provide a means of security risk assessment during D2D data communication through the network. Security risks are those that prevent the accomplishment of the objectives specified by developers as well as organizations. The basic idea of the proposed work is to identify and prioritize the security risks methods, which is used to find the problems and fix them only to minimize cost, rework, and time. The work examines the effect of multi-criteria decision analysis methods for security risk assessment.
Chapter Preview
Top

Introduction

The modern world is critically reliant on a broad range of network communication. Dependency on networking is so high that life cannot be imagined without them. With all the advantages of networking and the web applications running on them, there is fear too. News headlines are scaring us over data and information theft nowadays. In April 2011, data theft has been reported in Sony Play Station, where hackers have stolen about 77 million subscriber’s personal data. This was due to the privacy breach in Sony’s Play Station Network. According to security experts, this breach of privacy was among the biggest recorded. It took the $171 million cost to restore its systems and provide its customers with credit protection services (Agrafiotis et al., 2018; Dark Reading, 2011; Wilton, 2017). These incidents raise questions about the security status of stored data, processed by networking that is shared via the Internet. Security is characterized as the set of laws, rules, and practices that govern an organization's management, security, and dissemination of sensitive information. This applies to maintaining confidentiality, integrity, authenticity, availability and non-repudiation etc. (Khan et al., 2018a; Khan et al., 2018b; Punter et al., 2016).

Focusing on network security during data sharing could protect the network against unauthorized use, access, disclosure and modification. The attackers can not be blamed exclusively for the incidences discussed; the same responsibility lies with designers and developers. Attackers do not create security holes on their own; they just exploit vulnerabilities present in the network. Vulnerabilities are the defects that are introduced during D2D communication. The presence of even a single vulnerability may cause irreparable loss to the organization in terms of money and reputation (Abomhara & Køien, 2015; Charles & Pñeeger, 2012; Kizza, 2013; Roozbahani & Azad, 2015). Even after so many life-threatening security incidents, when interacting D2D network, it is still viewed as an afterthought (Nitti et al., 2015). Security features are often sprayed onto the fully developed structure of the network. The drawback is that the security professionals can never be sure of identifying and patching all the security holes. Consequently, security has become a major challenge. Today practitioners will think not only of consumers but also of adversaries to succeed in this competitive era. Addressing security at each data communication process is called network protection (Ahmad & Habib, 2010; Awodele et al., 2012; Berner, 2011; Daya, 2010; Kizza, 2005; Krishnan, 2004; Stallings, 2011).

For successful project control, information about the project should be objective and quantitative, ranging from the development process to the management process. The need for the process to have quantitative data requires the use of methods. It is a valuable tool that helps security professionals to incorporate security features in the network. In addition, optimization models are prevalent in the quantification and assessment of security risks. They have become the basic foundation for informed security risk-related decision making. An optimization model based on classic set theory, however, may not be able to describe some security risks in a meaningful and practical manner. Lack of knowledge data intertwined with cause-and-effect relationships and imprecise data makes it difficult to determine the presentation level of some security risk model using only traditional optimisation models. Sometimes the origin of the security risk and its characteristics may be incompletely understood, even with a robust quantitative security risk model tailored to data experience (Birge et al., 2018; Chen et al., 2018; Viduto et al., 2012).

Complete Chapter List

Search this Book:
Reset