永田 清 経営学部 経営学科 教授
Method to Select Effective Risk Mitigation Controls Using Fuzzy Outranking
In an information-oriented society, the security of information related assets in organizations is one of chief concerns and the importance of security evaluation system to grasp their security level is increasing. We also consider that the magnitude of risk to information assets is highly dependent on the scales, forms, treat etc. of the organization, and should be evaluated by reflecting these characteristics. Standing on this concept, we adopted OCTAVESM as the basic information system and already proposed two fuzzy-based methods integrated in it. One is to determine the set of critical assets using fuzzy decision making methodology by multi-participants. The other is to calculate the degree of risks along with the given threat path as a crisp value using fuzzy inference mechanism and so on. In this paper, we propose a system for selecting some mitigation controls considered to be more effective than others as an application of fuzzy outranking.
Kiyoshi Nagata, Michio Amagasa, Yutaka Kigawa, and Dongmei Cui
共著 Proceedings of the 9th International Conference on Intelligent Systems Design and Applications, 30 November - 2 December, 2009, Pisa, Italy pp.479-484 2009/11
Copyright(C) 2011 Daito Bunka University, All rights reserved.