The quantification of information security risk using fuzzy logic and Monte Carlo simulation.

The quantification of information security risks is currently highly subjective. Values for information such as impact and probability, which are estimated during risk analysis, are mostly estimated by people or experts internal or external to the organization. Because the estimation of these values...


Bibliographic Details
Main Author: Vorster, Anita
Published: 2008
Subjects:
Online Access: http://hdl.handle.net/10210/527
id ndltd-netd.ac.za-oai-union.ndltd.org-uj-uj-8851
record_format oai_dc
spelling 2017-09-17T03:59:32Z; Prof. L. Labuschagne; 2008-06-04T11:27:02Z; Thesis; uj:8851
collection NDLTD
sources NDLTD
topic Risk assessment
Monte Carlo method
Fuzzy logic
Computer security
Information technology risk assessment
description The quantification of information security risks is currently highly subjective. Values for information such as impact and probability, which are estimated during risk analysis, are mostly estimated by people or experts internal or external to the organization. Because the estimation of these values is done by people, all with different backgrounds and personalities, the values are exposed to subjectivity. The chance of any two people estimating the same value for risk analysis information is rare. There will always be a degree of uncertainty and imprecision in the values estimated. It is therefore during the data-gathering phase of risk analysis that the problem of subjectivity lies. To address the problem of subjectivity, techniques that mathematically deal with and present uncertainty and imprecision are used to estimate values for probability and impact. During this research a model for the objective estimation of probability was developed. The model uses mostly input values that are entirely objective, but also a small number of subjective input values. It is in these subjective input values that fuzzy logic and Monte Carlo simulation come into play. Fuzzy logic takes a qualitative subjective value and gives it an objective value, and Monte Carlo simulation complements fuzzy logic by giving a cumulative distribution function to the uncertain, imprecise input variable. In this way subjectivity is dealt with and the result of the model is a probability value that is estimated objectively. The same model that was used for the objective estimation of probability was used to estimate impact objectively. The end result of the research is the combination of the models to use the objective impact and probability values in a formula that calculates risk. The risk factors are then calculated objectively. A prototype was developed as proof that the process of objective information security risk quantification can be implemented in practice. === Prof. L. Labuschagne