Selection of Safeguards for Fuzzified Risk Management in Information Systems

  • Eloy Vicente
  • Alfonso Mateos
  • Antonio Jiménez-Martín
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 275)


This paper deals with the selection of failure transmission, preventive and palliative safeguards that minimize the maximum risk caused by threats to the assets of an information system (IS) for a given budget. We assume that all the elements in the IS, i.e., the degree of dependence between assets, the valuations of the assets, the severity and frequency of the threats, and the effect induced by safeguards, can be valuated using a fuzzy linguistic scale. This is less stressful on experts and suitable for accounting for imprecision and/or vagueness about the inputs. We model and solve the respective fuzzy optimization problem by means of the simulated annealing metaheuristic and give an example to illustrate the safeguard selection process.


Selection of safeguards risk analysis information systems fuzzy logic 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bortolan, G., Degani, R.: A Review of Some Methods for Ranking Subsets. Fuzzy Sets Syst. 15, 1–19 (1985)CrossRefMATHMathSciNetGoogle Scholar
  2. 2.
    Brunelli, M., Mezei, J.: How Different are Ranking Methods for Fuzzy Numbers? A Numerical Study. Int. J. Approx. Reason. 54, 627–639 (2013)CrossRefMathSciNetGoogle Scholar
  3. 3.
    CCTA Risk Analysis and Management Method (CRAMM), Version 5.0. London: Central Computing and Telecommunications Agency, CCTA (2003)Google Scholar
  4. 4.
    ISO/IEC 17799:2005, Information Technology - Security Techniques - Code of Practice for Information Security Management. Geneva: International Organization for Standardization (2005)Google Scholar
  5. 5.
    ISO/IEC 27005:2011, Information Technology - Security Techniques - Information Security Risk Management. Geneva: International Organization for Standardization (2005)Google Scholar
  6. 6.
    Kirkpatrick, S., Gelatt, C.D., Vecchi, C.D.: Optimization by Simulated Annealing. Sci. 220, 671–680 (1983)CrossRefMATHMathSciNetGoogle Scholar
  7. 7.
    López Crespo, F., Amutio-Gómez, M.A., Candau, J., Mañas, J.A.: Methodology for Information Systems Risk. Analysis and Management (MAGERIT version 2). Books I, II and III. Madrid: Ministerio de Administraciones Públicas (2006a)Google Scholar
  8. 8.
    Murakami, S., Maeda, S., Imamura, S.: Fuzzy Decision Analysis on the Development of Centralized Regional Energy Control System. In: IFAC Symposium on Fuzzy Information Knowledge Representation and Decision Analysis, pp. 363–368. Pergamon Press, New York (1983)Google Scholar
  9. 9.
    Stoneburner, G., Gougen, A.: NIST 800-30 Risk Management. Guide for Information Technology Systems, pp. 800–830. National Institute of Standard and Technology, Gaithersburg (2002)Google Scholar
  10. 10.
    Vicente, E., Jiménez, A., Mateos, A.: A Fuzzy Approach to Risk Analysis in Information Systems. In: Proceedings of the 2nd International Conference on Operations Research and Enterprise Systems, pp. 130–133. Scitepress, Barcelona (2013a)Google Scholar
  11. 11.
    Vicente, E., Jiménez, A., Mateos, A.: An Interactive Method of Fuzzy Probability Elicitation in Risk Analysis. In: Intelligent Systems and Decision Making for Risk Analysis and Crisis Response, pp. 223–228. CRC Press, New York (2013b)Google Scholar
  12. 12.
    Wang, X., Kerre, E.E.: Reasonable Properties for the Ordering of Fuzzy Quantities (I and II). Fuzzy Sets Syst. 118, 375–385 (2001)CrossRefMATHMathSciNetGoogle Scholar
  13. 13.
    Zadeh, L.A.: Fuzzy Sets. Inform. Control 8, 338–353 (1965)CrossRefMATHMathSciNetGoogle Scholar
  14. 14.
    Zadeh, L.A.: The Concept of a Linguistic Variable and its Application to Approximate Reasoning. Parts 1, 2 and 3, Inform. Sci. 8, 199–249 (1975)CrossRefMATHMathSciNetGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Eloy Vicente
    • 1
  • Alfonso Mateos
    • 1
  • Antonio Jiménez-Martín
    • 1
  1. 1.Decision Analysis and Statistics GroupUniversidad Politécnica de MadridMadridSpain

Personalised recommendations