A Fuzzy Multi-criteria Decision Model for Information System Security Investment

  • Vincent C. S. Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2690)


The decision on how much resource should be invested to curb an information security threat at a specific risk level is contingent upon multiple criteria, some of which must be represented by linguistic variables. This paper aims to provide theoretical justification for the various criteria and for the need to use a fuzzy-logic-based tool for their selection and classification.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Vincent C. S. Lee, School of Business Systems, Monash University, Australia
