
Towards Quantification of Information System Security

  • Conference paper
Computational Intelligence and Information Technology (CIIT 2011)

Abstract

Quantification is a highly successful paradigm in many technical and engineering disciplines. Security quantification is the representation and analysis of information security in a quantitative manner. The exponential growth of information technology and the prospect of increased public access to computing, communications, and storage resources have made these systems more vulnerable to attacks. The need to protect these systems is fueling the need to quantify security metrics in order to determine the exact level of security assurance. This paper presents a quantitative framework based on the Fuzzy Analytic Hierarchy Process (FAHP) to quantify the security performance of an information system.




© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Thalia, S., Tuteja, A., Dutta, M. (2011). Towards Quantification of Information System Security. In: Das, V.V., Thankachan, N. (eds) Computational Intelligence and Information Technology. CIIT 2011. Communications in Computer and Information Science, vol 250. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25734-6_34


  • DOI: https://doi.org/10.1007/978-3-642-25734-6_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25733-9

  • Online ISBN: 978-3-642-25734-6

  • eBook Packages: Computer Science (R0)
