INVESTIGATION OF THE METHOD OF EVALUATING THE EFFECTIVENESS OF THE INFORMATION SECURITY SYSTEM BASED ON FUZZY INFERENCE
DOI:
https://doi.org/10.37943/13DZEV3953
Keywords:
information security, audit, fuzzy modeling, cybersecurity, penetration testing
Abstract
As organizations increasingly rely on digital technology to operate, protecting their information and data has become a critical concern. Information security systems are designed to safeguard digital assets against unauthorized access, use, disclosure, disruption, modification, or destruction. However, evaluating the effectiveness of an information security system can be challenging due to the complexity of the system and the diversity of threats it faces. In recent years, researchers have proposed using fuzzy inference to evaluate the effectiveness of information security systems. Fuzzy inference is a mathematical approach that can handle uncertain and imprecise information, making it well-suited for evaluating the effectiveness of information security systems. This research aims to develop a method for evaluating the effectiveness of an information security system based on fuzzy inference. The proposed method uses a set of performance indicators to measure the effectiveness of the system, such as the number of security incidents detected, the response time to security incidents, and the number of false positives and false negatives [1]. These indicators are then combined using fuzzy inference to generate an overall effectiveness score for the system. The proposed method will be evaluated using a real-world case study of an information security system deployed in an organization. The effectiveness score generated by the fuzzy inference method will be compared to the results obtained using traditional evaluation methods, such as the cost-benefit analysis or the return-on-investment analysis. The results of the study will demonstrate the effectiveness and usefulness of the proposed method for evaluating information security systems.
References
Gnatyuk, S. (2016). Critical aviation information systems cybersecurity. NATO Science for Peace and Security. IOS Press Ebooks, 47(3), 308-316.
Aibekova, A., & Selvarajah, V. (2022, April). Offensive Security: Study on Penetration Testing Attacks, Methods, and their Types. In 2022 IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE) (pp. 1-9). IEEE. https://doi.org/10.1109/ICDCECE53908.2022.9792772
Slunjski, M., Sumina, D., Groš, S., & Erceg, I. (2022). Off-the-Shelf Solutions as Potential Cyber Threats to Industrial Environments and Simple-To-Implement Protection Methodology. IEEE Access, 10, 114735-114748. https://doi.org/10.1109/ACCESS.2022.3217797
Almubairik, N.A., & Wills, G. (2016, December). Automated penetration testing based on a threat model. In 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST) (pp. 413-414). IEEE. https://doi.org/10.1109/ICITST.2016.7856742
National Institute of Standards and Technology Special Publication. (Sep. 2008). Natl. Inst. Stand. Technol. Spec. Publ, 800-115, 80.
Goel, S., & Chen, V. (2005). Information security risk assessment – a matrix-based approach. University at Albany, SUNY.
Xu, Y., Yang, Y., Li, T., Ju, J., & Wang, Q. (2017, November). Review on cyber vulnerabilities of communication protocols in industrial control systems. In 2017 IEEE Conference on Energy Internet and Energy System Integration (EI2) (pp. 1-6). IEEE. https://doi.org/10.1109/EI2.2017.8245509
Svalin, K., Mellgren, C., Levander, M.T., & Levander, S. (2018). Police employees’ violence risk assessments: The predictive validity of the B-SAFER and the significance of protective actions. International journal of law and psychiatry, 56, 71–79. https://doi.org/10.1016/j.ijlp.2017.09.001
Wei, W.A.N.G., Chenhong, X.I.A., Donghui, M.A., & Jingyu, S.U. (2019). Multi-hazard comprehensive risk assessment based on coupling incentive mechanism. China Safety Science Journal, 29(3), 161–167. https://doi.org/10.16265/j.cnki.issn1003-3033.2019.03.027
Yang, B. (2019). Dynamic risk identification safety model based on fuzzy support vector machine and immune optimization algorithm. Safety science, 118, 205-211. https://doi.org/10.1016/j.ssci.2019.05.022
Xu, J., Du, X., Cai, W., Zhu, C., & Chen, Y. (2019). MeURep: A novel user reputation calculation approach in personalized cloud services. PloS one, 14(6), e0217933. https://doi.org/10.1371/journal.pone.0217933
Lu, Y., Fang, Y., & Qin, J. (2019, October). A trust assessment model based on recommendation and dynamic self-adaptive in cloud service. In Journal of Physics: Conference Series (Vol. 1325, No. 1, p. 012007). IOP Publishing. https://doi.org/10.1088/1742-6596/1325/1/012007
Huang, C., He, L., Liao, X., Dai, H., & Ji, M. (2016). Developing a trustworthy computing framework for clouds. International Journal of Embedded Systems, 8(1), 59-68. https://doi.org/10.1504/IJES.2016.073753
Kurdi, H., Alfaries, A., Al-Anazi, A., Alkharji, S., Addegaither, M., Altoaimy, L., & Ahmed, S. H. (2019). A lightweight trust management algorithm based on subjective logic for interconnected cloud computing environments. The Journal of Supercomputing, 75, 3534-3554. https://doi.org/10.1007/s11227-018-2669-y
Topaloğlu, F., & Pehlıvan, H. (2018, March). Comparison of Mamdani type and Sugeno type fuzzy inference systems in wind power plant installations. In 2018 6th international symposium on digital forensic and security (ISDFS) (pp. 1-4). IEEE. https://doi.org/10.1109/ISDFS.2018.8355384
Hamdaouy, A.E., Salhi, I., Belattar, A., & Doubabi, S. (2017). Takagi–Sugeno fuzzy modeling for three-phase micro hydropower plant prototype. International Journal of Hydrogen Energy, 42(28), 17782-17792. https://doi.org/10.1016/j.ijhydene.2017.02.167
Ebrahimnejad, A., & Verdegay, J.L. (2018). Fuzzy sets-based methods and techniques for modern analytics (Vol. 364). Cham: Springer. https://doi.org/10.1007/978-3-319-73903-8
Vimercati, S.D.C., Foresti, S., Livraga, G., Piuri, V., & Samarati, P. (2019). A fuzzy-based brokering service for cloud plan selection. IEEE Systems Journal, 13(4), 4101-4109. https://doi.org/10.1109/JSYST.2019.2893212
Shumsky, A.A., & Shelupanov, A.A. (2005). Sistemny analiz v zashchite informatsii [System Analysis in Information Security]. Moscow, Gelios ARV Publ.
License
Copyright (c) 2023 Articles are open access under the Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish a manuscript in this journal agree to the following terms:
- The authors reserve the right to authorship of their work and transfer to the journal the right of first publication under the terms of the Creative Commons Attribution License, which allows others to freely distribute the published work with a mandatory link to the original work and the first publication of the work in this journal.
- Authors have the right to conclude independent additional agreements that relate to the non-exclusive distribution of the work in the form in which it was published by this journal (for example, to post the work in the electronic repository of the institution or publish as part of a monograph), providing the link to the first publication of the work in this journal.
- Other terms stated in the Copyright Agreement.