Fuzzified Risk Management: Selection of Safeguards to Minimize the Maximum Risk

Eloy Vicente¹, Alfonso Mateos¹ and Antonio Jiménez-Martín¹

  1. Decision Analysis and Statistics Group, Departamento de Inteligencia Artificial
    Universidad Politécnica de Madrid, Avda. Ramiro de Maeztu 7, 28040, Madrid, Spain
    {e.vicentecestero, alfonso.mateos, antonio.jimenez}@upm.es

Abstract

Threats can trigger incidents in information systems (IS) causing damage or intangible material loss to assets. A good selection of safeguards is critical for reducing risks caused by threats. This paper deals with the selection of failure transmission, preventive and palliative safeguards that minimize the maximum risk of an IS for a specified budget. We assume that all the elements in the IS are valuated using a linguistic scale, which is capable of accounting for imprecision and/or vagueness concerning the inputs. Trapezoidal fuzzy numbers are associated with these linguistic terms, and risk analysis and management is consequently based on trapezoidal fuzzy number arithmetic. We model and solve the respective fuzzy optimization problem by means of the simulated annealing metaheuristic and give an example to illustrate the safeguard selection process.

Key words

Selection of safeguards, risk analysis, information systems, fuzzy logic

Digital Object Identifier (DOI)

https://doi.org/10.2298/CSIS140925017V

Publication information

Volume 12, Issue 2 (June 2015)
Year of Publication: 2015
ISSN: 2406-1018 (Online)
Publisher: ComSIS Consortium

How to cite

Vicente, E., Mateos, A., Jiménez-Martín, A.: Fuzzified Risk Management: Selection of Safeguards to Minimize the Maximum Risk. Computer Science and Information Systems, Vol. 12, No. 2, 567-585. (2015), https://doi.org/10.2298/CSIS140925017V