Fuzzy Economic effectiveness analysis of Information Security investment


Bibliographic Details
Main Author: 鄭舜育
Other Authors: 沈鎮南
Format: Others
Language: zh-TW
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/sujtm6
Description
Summary: Master's === Cheng Shiu University (正修科技大學) === Graduate Institute of Electrical Engineering === 104 === This thesis derives fuzzy economic models for evaluating the effectiveness of different Information System Security (ISS) alternatives. The Net Present Value (NPV) and Benefit/Cost Ratio (BCR) models are proposed for carrying out the cost-benefit analysis. Since fuzzy results take the form of a complex nonlinear representation, and do not always provide a totally ordered set in the way that crisp numbers do, the current paper first approximates the resulting fuzzy profitability indexes by a triangular fuzzy number, and then uses the Mellin Transform to obtain the means and variances of the approximated fuzzy numbers in order to determine their relative ranking in a decision-making process. The performance of the proposed models is verified by applying them to a practical ISS program.
Given the information-intensive characteristics of a modern economy, firms of every kind and scale are engaging in electronic business activities. The continued growth in the use of information technologies makes firms increasingly dependent on their information systems. However, a firm's information assets are exposed to risk because the information system is connected to third-party networks, typically the Internet. Some people and firms deal with highly sensitive information that could potentially threaten certain people or a nation. Corporations have trade secrets and business processes they do not want publicly disclosed. Any successful attack on an information system and its eventual crash could result in a serious loss of data, services and business operations. This is the main reason why modern organizations are investing in information security systems (ISS). The ISS should protect the confidentiality, integrity, and availability of the information system. It should be no surprise that ISS is a growing spending priority among most companies.
This growth in ISS is occurring in a variety of areas, including virus-detection software, firewalls, sophisticated encryption techniques, intrusion detection systems, automated data backup, and hardware devices. To determine how much an organization should spend on ISS and data protection, it is important to know the value of the assets to be protected. This is usually done through risk management, which tells the organization what the consequences would be if appropriate protection and security solutions are not provided, what the potential losses would be in the case of a security incident, and what impact such an incident may have on the company's overall productivity. Nowadays, the question is not whether organizations need more security, but how much to spend on added security.