Abstract
The purpose of this paper is to introduce a way to deal with uncertainties in risk analysis. Risk analysis is a key process in security management in that its result provides a decision basis for safeguard implementation. However, it must often rely on speculation, educated guesses, incomplete data, and many unproven assumptions. Users of risk analysis often provide their uncertain subjective opinions as input values to risk analysis. Uncertainties in input data should therefore be considered when performing a risk analysis. As a tool for expressing and dealing with uncertainties in input data, we suggest the use of belief functions. We provide examples of how to use belief functions in qualitative risk analysis methods.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Cho, S., Ciechanowicz, Z. (2001). Dealing with Uncertainties in Risk Analysis Using Belief Functions. In: Qing, S., Okamoto, T., Zhou, J. (eds) Information and Communications Security. ICICS 2001. Lecture Notes in Computer Science, vol 2229. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45600-7_14
DOI: https://doi.org/10.1007/3-540-45600-7_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42880-0
Online ISBN: 978-3-540-45600-1
eBook Packages: Springer Book Archive