Title :
FEMRA: Fuzzy Expert Model for Risk Assessment
Author :
Sendi, Alireza Shameli ; Jabbarifar, Masoume ; Shajari, Mehdi ; Dagenais, Michel
Author_Institution :
Ecole Polytech. de Montreal, Montreal, QC, Canada
Abstract :
Risk assessment is a major part of the ISMS process. The Information Security Management System standards specify guidelines and a general framework for risk assessment. In many existing standards, such as NIST and ISO27001, risk assessment is described; however, while these standards present some guidelines, there are no details on how to implement it in an organization. In a complex organization, risk assessment is a complicated process and involves a lot of assets. In this paper, we present the FEMRA model, which uses fuzzy expert systems to assess risk in organizations. The risk assessment varies considerably with the context, the metrics used as dependent variables, and the opinions of the persons involved. Fuzzy logic thus represents an excellent model for this application. Organizations can use FEMRA as a tool to improve the ISMS implementation. One of the interesting characteristics of FEMRA is that it can represent each risk with a numerical value. The managers can detect higher risks by comparing these values and develop a good strategy to reduce them.
Keywords :
fuzzy logic; risk management; security of data; FEMRA; fuzzy expert model for risk assessment; fuzzy logic; information security management system standards; Authentication; Biometrics; Data privacy; Data security; Entropy; Fingerprint recognition; Information security; Polynomials; Protection; Risk management; asset; fuzzy; risk assessment; threat; vulnerability;
Conference_Title :
Internet Monitoring and Protection (ICIMP), 2010 Fifth International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-1-4244-6726-6
DOI :
10.1109/ICIMP.2010.15