Open Access

A new lightweight method for security risk assessment based on fuzzy cognitive maps

Piotr Szwed
Piotr Szwed
 and 
Paweł Skrzyński
Paweł Skrzyński
   | Mar 25, 2014
International Journal of Applied Mathematics and Computer Science's Cover Image
International Journal of Applied Mathematics and Computer Science
Volume 24 (2014): Issue 1 (March 2014)
Selected Problems of Biomedical Engineering (special section, pp. 7 - 63), Marek Kowal and Józef Korbicz (Eds.)
About this article
Previous Article
Next Article
Cite
Published Online: Mar 25, 2014
Page range: 213 - 225
DOI: https://doi.org/10.2478/amcs-2014-0016
Keywords
This content is open access.

Aguilar, J. (2005). A survey about fuzzy cognitive maps papers, International Journal 3(2): 27-33.Search in Google Scholar

Anderson, S., De Palma, A. and Thisse, J. (1992). DiscreteChoice Theory of Product Differentiation,MIT Press, Boston, MA.10.7551/mitpress/2450.001.0001Search in Google Scholar

Axelrod, R.M. (1976). Structure of Decision: The CognitiveMaps of Political Elites, Princeton University Press, New York, NY.Search in Google Scholar

Baudrit, C., Dubois, D. and Guyonnet, D. (2006). Joint propagation and exploitation of probabilistic and possibilistic information in risk assessment, IEEETransactions on Fuzzy Systems 14(5): 593-608.10.1109/TFUZZ.2006.876720Search in Google Scholar

Birolini, A. (2000). Reliability Engineering: Theory and Practice, 3rd Edn., Springer-Verlag, Berlin.Search in Google Scholar

Bowles, J.B. and Wan, C. (2001). Software failure modes and effects analysis for a small embedded control system, Proceedings of the Annual Reliability and MaintainabilitySymposium, Philadelphia, PA, USA, pp. 1-6.Search in Google Scholar

Cervesato, I. and Meadows, C. (2003). Fault-tree representation of NPATRL security requirements, Proceedings of the 3rdWorkshop on Issues in the Theory of Security, Warsaw,Poland, pp. 1-10.Search in Google Scholar

Chen, X.Z. (2006). Hierarchical threat assessment and quantitative calculation method of network security threatening state, Journal of Software 17(4): 885-897.10.1360/jos170885Search in Google Scholar

Chiang, F. and Braun, R. (2007). Self-adaptability and vulnerability assessment of secure autonomic communication networks, Proceedings of the 10thAsia-Pacific Conference on Network Operations andManagement Symposium: Managing Next GenerationNetworks and Services, APNOMS’07, Sapporo, Japan, pp. 112-122.Search in Google Scholar

Craft, R., Vandewart, R., Wyss, G. and Funkhouser, D. (1998). An open framework for risk management 1, 21st NationalInformation Systems Security Conference, Arlington, VA,USA.Search in Google Scholar

Eom, J.-H., Park, S.-H., Han, Y.-J. and Chung, T.-M. (2007). Risk assessment method based on business process-oriented asset evaluation for information system security, Proceedings of the 7th International Conferenceon Computational Science, Beijing, China, pp. 1024-1031.Search in Google Scholar

Guttman, B. and Roback, E.A. (1995). An introduction to computer security: The NIST handbook, Security800(12): 1-290.10.6028/NIST.SP.800-12Search in Google Scholar

Hagiwara, M. (1992). Extended fuzzy cognitive maps, Proceedingsof the IEEE International Conference on Fuzzy Systems,San Diego, CA, USA, pp. 795-801.Search in Google Scholar

Han, Y.-J., Yang, J.S., Chang, B.H., Na, J.C. and Chung, T.-M. (2004). The vulnerability assessment for active networks: Model, policy, procedures, and performance evaluations, in A. Laganà, M.L. Gavrilova, V. Kumar, Y. Mun, C.J.K. Tan and O. Geruasi (Eds.), ICCSA (1), Lecture Notes in Computer Science, Vol. 3034, Springer, Berlin/Heidelberg, pp. 191-198.10.1007/978-3-540-24707-4_24Search in Google Scholar

Hoo, K.J.S. (2000). How much is enough? A risk-management approach to computer security, Working Paper, Stanford University, Stanford, CA, pp. 1-99.Search in Google Scholar

Hubbard, D. and Evans, D. (2010). Problems with scoring methods and ordinal scales in risk assessment, Journal ofResearch and Development 54(3): 1-10.10.1147/JRD.2010.2042914Search in Google Scholar

Institute for Computer Sciences and Technology (1979). Guidelinefor Automatic Data Processing Risk Analysis, National Bureau of Standards, Washington, DC.Search in Google Scholar

ISO/IEC (2011). Information technology-Security techniques-Information security risk management, Technical Report ISO/IEC 27005:2011, International Organization for Standardization, Washington, DC.Search in Google Scholar

Jetter, A. and Schweinfort, W. (2011). Building scenarios with fuzzy cognitive maps: An exploratory study of solar energy, Futures 43(1): 52-66.10.1016/j.futures.2010.05.002Search in Google Scholar

Kobylarz, D. and Danda, J. (2013). A common interface for bluetooth-based health monitoring devices, 29th SouthernBiomedical Engineering Conference (SBEC), Ho ChiMinhCity, Vietnam, pp. 153-154.Search in Google Scholar

Kosko, B. (1986). Fuzzy cognitive maps, International Journalof Machine Studies 24(1): 65-75.10.1016/S0020-7373(86)80040-2Search in Google Scholar

Kosko, B. (1992). Neural Networks and Fuzzy Systems: ADynamical Systems Approach to Machine Intelligence, Prentice Hall, Englewood Cliffs, NJ.Search in Google Scholar

Landoll, D.J. (2005). The Security Risk Assessment Handbook:A Complete Guide for Performing Security Risk Assessments, Auerbach Publications, Boca Raton, FL. 10.1201/9781420031232Search in Google Scholar

Lazzerini, B. and Mkrtchyan, L. (2011). Analyzing risk impact factors using extended fuzzy cognitive maps, IEEE SystemsJournal 5(2): 288-297.10.1109/JSYST.2011.2134730Search in Google Scholar

Maglogiannis, I., Zafiropoulos, E., Platis, A. and Lambrinoudakis, C. (2006). Risk analysis of a patient monitoring system using Bayesian network modeling, Journal of Biomedical Informatics 39(6): 637-647.10.1016/j.jbi.2005.10.00316337837Search in Google Scholar

Mikulik, J. and Zajdel, M. (2009). Automatic risk control based on FSA methodology adaptation for safety assessment in intelligent buildings, International Journal of AppliedMathematics and Computer Science 19(2): 317-326, DOI: 10.2478/v10006-009-0027-1.10.2478/v10006-009-0027-1Search in Google Scholar

Modarres, M., Kaminskiy, M. and Krivtsov, V. (1999). ReliabilityEngineering and Risk Analysis, CRC Press, New York, NY.Search in Google Scholar

Ozesmi, U. Ozesmi, S. (2004). Ecological models based on people’s knowledge: A multi-step fuzzy cognitive mapping approach, Ecological Modelling 176(1-2): 43-64.10.1016/j.ecolmodel.2003.10.027Search in Google Scholar

Papageorgiou, E.I. (2011). Learning algorithms for fuzzy cognitive maps-A review study, IEEE Transactions onSystems 42(2): 1-14.10.1109/TSMCC.2011.2138694Search in Google Scholar

Peng L.X. (2007). Model danger theory based network risk assessment, Journal of University of Electron Science andTechnology 36(6).Search in Google Scholar

Ross, R.S. (2011). Guide for conducting risk assessments, NISTSpecial Publication SP-800-30 Rev 1, September, p. 85.Search in Google Scholar

Schneier, B. (1999). Attack trees, Dr. Dobb’s Journal24(12): 21-29.Search in Google Scholar

Stamatis, D. H. (2003). Failure Mode and Effect Analysis:FMEA from Theory to Execution, ASQ Quality Press, Milwaukee, WI.Search in Google Scholar

Stathiakis, N., Chronaki, C., Skipenes, E., Henriksen, E., Charalambus, E., Sykianakis, A., Vrouchos, G., Antonakis, N., Tsiknakis, M. and Orphanoudakis, S. (2003). Risk assessment of a cardiology ehealth service in HYGEIAnet, Computers in Cardiology (CIC’2003), Cambridge,MA, USA, pp. 201-204.Search in Google Scholar

Sun, L., Srivastava, R.P. and Mock, T.J. (2006). An information systems security risk assessment model under the Dempster-Shafer theory of belief functions, Journal ofManagement Information Systems 22(4): 109-142.10.2753/MIS0742-1222220405Search in Google Scholar

Szpyrka, M., Jasiul, B., Wrona, K. and Dziedzic, F. (2013). Telecommunications networks risk assessment with Bayesian networks, in K. Saeed, R. Chaki, A. Cortesi and S.T.Wierzchon (Eds.), Computer Information Systemsand Industrial Management, Lecture Notes in Computer Sience, Vol. 8104, Springer-Verlag, Berlin, pp. 277-288.10.1007/978-3-642-40925-7_26Search in Google Scholar

Szwed, P. (2013). Application of fuzzy ontological reasoning in an implementation of medical guidelines, 6th InternationalConference on Human System Interaction (HSI), Sopot,Poland, pp. 342-349.Search in Google Scholar

Szwed, P., Skrzynski, P. and Grodniewicz, P. (2013). Risk assessment for SWOP telemonitoring system based on fuzzy cognitive maps, in A. Dziech and A. Czy˙zewski (Eds.), Multimedia Communications, Services and Security, Communications in Computer and Information Science, Vol. 368, Springer, Berlin/Heidelberg, pp. 233-247.10.1007/978-3-642-38559-9_21Search in Google Scholar

The Open Group (2012). Open Group Standard, Archimate 2.0 Specification, www.opengroup.org.Search in Google Scholar

Vesely, W.E., Goldberg, F.F., Roberts, N.H. and Haasl, D.F. (1981). Fault tree handbook, Technical Report Nureg-0492, Nuclear Regulatory Commission, Washington, DC.Search in Google Scholar

Wang Y., Zhu, A. and Zhang, J. (2011). Research on and application of the analyzing method of network security based on security case reasoning, International Conferenceon Control, Automation and Systems Engineering (CASE),Tokyo, Japan, pp. 1-4.Search in Google Scholar

Zhuang, Y., Li, X., Xu, B. and Zhou, B. (2009). Information security risk assessment based on artificial immune danger theory, Proceedings of the 2009 4th International Multi-Conference on Computing in the Global Information Technology,ICCGI’09, Cannes, France, pp. 169-174. Search in Google Scholar

ISSN:
1641-876X
Language:
English
Publication timeframe:
4 times per year
Journal Subjects:
Mathematics, Applied Mathematics
Journal RSS Feed