DOI QR코드

DOI QR Code

Cost Risk Analysis for Preparing Budgets of Information Security using Fuzzy AHP

정보보안 예산 수립에서 퍼지 AHP의 적용을 통한 위험 비용 분석

  • Received : 2012.07.20
  • Accepted : 2012.09.11
  • Published : 2012.09.30

Abstract

Recently, the breakdown of online banking servers and the leakage of customer information give rise to much concern about the security of information systems in financial and banking companies in Korea. The enforcement of security for information system becomes much more important issue than earlier. However, the security reinforcement of information system is restricted by a budget. In addition, the activities' cost to secure information system from threatening are under uncertain circumstances and should be established by a human decision maker who is basically uncertain and vague. Thus, making the budget for information system is exposed to any extent of the risk for these reasons. First, we introduce brief fuzzy set theory and fuzzy AHP (Analytic Hierarchy Process) methodology. Then, the cost elements that comprise yearly budget are presented and the priorities among the cost elements are calculated by fuzzy AHP. The cost elements that are exposed to risk are evaluated from the both perspectives of the risk impact and risk occurrence possibility which are expressed as linguistic terms. To get information on the risk profiles-pessimistic, most likely, and optimistic-for each cost element, the evaluation is accomplished and the result is presented. At last, the budget ranges-minimum, mode, maximum-for each cost element are estimated with the consideration of the risk profiles.

Keywords

References

  1. 공희경, 전효정, 김태성, "AHP를 이용한 정보보호투자 의사결정에 대한 연구," Journal of Information Technology Application & Management, 제15권, 제1호, 2008, pp. 139-152.
  2. 김수영, 이승찬, "퍼지 AHP를 이용한 정보시스템 솔루션 선정 모델에 관한 연구," Entrue Journal of Information Technology, 제4권, 제1호, 2005, pp. 79-89.
  3. 이경근, 류시욱, "정보 보안 방안 선택을 위한 퍼지 AHP 방법의 비교 검토," 정보시스템연구, 제19권, 제3호, 2010, pp. 59-73.
  4. 정철용, 손동기, "AHP 기법을 활용한 정보시스템 개발 프로젝트 위험요인 평가에 관한 탐색적 연구," 정보시스템연구, 제15권, 제2호, 2006, pp. 77-93.
  5. 최철림, 송영재, "Fuzzy AHP를 적용한 클라우드 컴퓨팅 환경에서 보안 속성의 상대적 중요도 평가," 한국항행학회 논문지, 제15권, 제6호, 2011, pp. 1098-1103.
  6. 한국인터넷진흥원, "2010 국내 정보보안산업 실태조사," 2010.
  7. Bellman, R.E. and Zadeh, L.A., "Decision-Making in a Fuzzy Environment", Management Science, Vol.17, No.4, 1970, pp. 21-31.
  8. Buckley, J.J. (1985). "Ranking Alternatives using Fuzzy Numbers," Fuzzy Sets Systems, Vol.15, No.1, pp. 21-31. https://doi.org/10.1016/0165-0114(85)90013-2
  9. Chang, D.Y., "Application of the Extent Analysis Method on Fuzzy AHP," European Journal of Operational Research, Vol.95, 1996, pp. 649-655. https://doi.org/10.1016/0377-2217(95)00300-2
  10. Chen, M.K. and Wang, S.C., (2010). "The Critical Factors of Success for Information Service Industry in Developing Interantional Market: Using Analytic Hierarchy Process(AHP) Approach," Expert Systems with Applications, Vol.37, pp. 694-704. https://doi.org/10.1016/j.eswa.2009.06.012
  11. Cheng, C.H., "Evaluating Naval Tactical Missile Systems by Fuzzy AHP based on the Grade Value of Membership Function," European Journal of Operational Research, Vol.96, 1996, pp. 343-350.
  12. Dubios, D. and Prade, H. (1982). "A Class of Fuzzy Measures based on Triangular Norms," International Journal of General Systems, Vol.8, pp. 43-61. https://doi.org/10.1080/03081078208934833
  13. Saaty, T.L., The Analytic Hierarchy Process. New York, McGraw-Hill, 1980.
  14. Zadeh, L.A., (1965). "Fuzzy set," Information and Control, Vol.8, No.3, pp. 338-353. https://doi.org/10.1016/S0019-9958(65)90241-X
  15. Zhang, Y., Deng, X., Wei, D. and Deng, Y. (2012). "Assessment of E-Commerce Security using AHP and Evidential Reasoning," Expert Systems with Applications, Vol.39, pp. 3611-3623. https://doi.org/10.1016/j.eswa.2011.09.051
  16. Zhu, K.J., Jing, Y. and Chang, D.Y. (1999). "A Discussion on Extent Analysis Method and Application of Fuzzy AHP," European Journal of Operational Research, Vol.116, pp. 450-456. https://doi.org/10.1016/S0377-2217(98)00331-2

Cited by

  1. Customized Coupon Recommendation Model based on Fuzzy AHP Reflecting User Preference vol.12, pp.5, 2014, https://doi.org/10.14400/JDC.2014.12.5.395
  2. Evaluation of Inland Inundation Risk in Urban Area using Fuzzy AHP vol.47, pp.9, 2014, https://doi.org/10.3741/JKWRA.2014.47.9.789