Muhammad Azam,Muhammad Sajjad Ali Khan,Shilin Yang

DOI: https://doi.org/10.1155/2022/9704466

2022-02-21

Journal of Mathematics

Abstract:Since intuitionistic fuzzy set only deals with uncertainty but not periodicity, therefore to overcome, this situation complex intuitionistic fuzzy set is a better tool that deals with both uncertainty and periodicity. Also, Bonferroni mean operator has the advantage of considering interrelationships between parameters, but it deals with only the crisp data. Recently, to deal with fuzzy data, many extensions of Bonferroni operators have been developed. Motivated by the CIFS and BM operators, in this paper, we proposed some Dombi Bonferroni mean operators to deal with CIF information. Dombi Bonferroni mean operators are special cases of general T-conorm and T-norm, which have the advantage of good flexibility with a general parameter. We proposed the complex intuitionistic fuzzy Dombi Bonferroni mean (CIFDBM) operator, complex intuitionistic fuzzy Dombi weighted Bonferroni mean (CIFDWBM) operator, complex intuitionistic fuzzy Dombi geometric Bonferroni mean (CIFDGBM) operator, and complex intuitionistic fuzzy Dombi weighted geometric Bonferroni mean (CIFDWGBM) operator. Some properties of the developed operators are discussed in detail, and different cases are investigated. Moreover, a multicriteria group decision-making (MCGDM) method is developed based on the proposed aggregation operators. Finally, a numerical example of information security management evaluation is given in order to demonstrate the application and effectiveness of the proposed approach. A comparative study is also conducted in order to show the advantage of the developed method.

mathematics

Xiaotong Li,Hua Li,Bingzhen Sun,Fang Wang

DOI: https://doi.org/10.3233/jifs-172097

2018-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Through advancing in information and communications technology, Smart Cities provide many potential advantages like improved energy efficiency, new economic opportunities and management methods, however the information security in the top-level design of building a quite efficient smart city is easy to be ignored and caused a huge economic losses for citizens. We focus on mining information risks of smart city from the perspective of system, identifying the key risks and determining the importance of each factor, in order to measure the risk accurately. This paper presents a failure mode and effects analysis (FMEA) method to analyze five dimensions of the information security of smart city, and assess the risks on the basis of the fuzzy set theory and the grey relational theory. Due to the problem is the risk assessment of multi-dimension for an organization information security, we present a decision model that provides an efficient framework for calculating the value of risk assessment. The results indicate that aspects of the highest importance of the information security risk of smart city are the threats in natural, contrived and physical aspects, followed by the lack of public security education and training. Through the analysis we can find out the relationship between the failure modes and the overall situation of the system, then it can distinguish the main factors which play a driving role, and the secondary factors which have less impact on the system. According to the assessment results, some suggestions are put forward to guarantee the information security of smart city. The practical application of fuzzy and grey FMEA proposed in this paper helps enhance the reliability of the prediction, and the ranking of risk factors can be used for better decision-making concerning taking measures, which in turn will make smart city safer.

Alexander A. Ganin,Phuoc Quach,Mahesh Panwar,Zachary A. Collier,Jeffrey M. Keisler,Dayton Marchese,Igor Linkov

DOI: https://doi.org/10.1111/risa.12891

2017-09-05

Risk Analysis

Abstract:Risk assessors and managers face many difficult challenges related to novel cyber systems. Among these challenges are the constantly changing nature of cyber systems caused by technical advances, their distribution across the physical, information, and sociocognitive domains, and the complex network structures often including thousands of nodes. Here, we review probabilistic and risk-based decision-making techniques applied to cyber systems and conclude that existing approaches typically do not address all components of the risk assessment triplet (threat, vulnerability, consequence) and lack the ability to integrate across multiple domains of cyber systems to provide guidance for enhancing cybersecurity. We present a decision-analysis-based approach that quantifies threat, vulnerability, and consequences through a set of criteria designed to assess the overall utility of cybersecurity management alternatives. The proposed framework bridges the gap between risk assessment and risk management, allowing an analyst to ensure a structured and transparent process of selecting risk management alternatives. The use of this technique is illustrated for a hypothetical, but realistic, case study exemplifying the process of evaluating and ranking five cybersecurity enhancement strategies. The approach presented does not necessarily eliminate biases and subjectivity necessary for selecting countermeasures, but provides justifiable methods for selecting risk management actions consistent with stakeholder and decisionmaker values and technical data.

public, environmental & occupational health,mathematics, interdisciplinary applications,social sciences, mathematical methods

Dejian Yu,Jose M. Merigo,Yejun Xu

DOI: https://doi.org/10.1002/int.21804

IF: 8.993

2016-01-01

International Journal of Intelligent Systems

Abstract:Network information system security has become a global issue since it is related to the economic development and national security. Information system security assessment plays an important role in the development of security solutions. Aiming at this issue, a dual hesitant fuzzy (DHF) group decision-making (GDM) method was proposed in this paper to assist the assessment of network information system security. A systemic index containing four aspects was established including organization security, management security, technical security, and personnel management security. The DHF group evaluation matrix was constructed based on the individual evaluation information from each expert. Some power average operator-based DHF information aggregation operators are proposed and used to fusion the performance of each criterion for information systems. The advantage of these operators is that they can describe the relationship between the indexes quantitatively. Finally, a case study about information systems security assessment was presented to verify the effectiveness of proposed GDM methods. (C) 2016 Wiley Periodicals, Inc.

Ahmed Mateen,Sana Sabir,Kareem Ullah

DOI: https://doi.org/10.48550/arXiv.1702.02442

2017-02-01

Computers and Society

Abstract:Governments all around the world are widely investing on the implementation of e government to advance services to citizens and minimize costs. Governments can progress effectiveness of their operations and can carry their administrative operations efficiently with the help of ICT. Electronic government perceived to provide a way for governments to renovate their operational activities to serve their clients more competently. With improvement in Information and Communication Technology ICT it is now time to device electronic access to government facilities to the variously located citizens. E governments all around the world have different objectives and follow different models for e government development. Present models examined and found less than satisfactory to guide e-government implementation. This research proposed a hybrid model from Citizen comprehensive vision acknowledged the civic idea and The strategic framework of e-government models. The procedure of merging different computational knowledge systems to assemble a solitary crossover show has turned out to be progressively prominent. The execution files of these mixture models have ended up being superior to the individual segments when utilized alone. To ensure that the proposed model is more efficient and beneficial a survey study conducted. Survey based on questionnaires and results calculated by applying statistics on data gathered from survey.

Ibrahim M. Hezam,Ahmed M. Ali,Karam Sallam,Ibrahim A. Hameed,Darko Božanić,Mohamed Abdel-Basset

DOI: https://doi.org/10.1063/5.0217439

IF: 1.697

2024-07-01

AIP Advances

Abstract:Integrating the metaverse technology with the transportation system has several security and privacy issues. This study assesses the 12 security solutions to select the best one to overcome security and privacy issues (such as data theft, unauthorized access, and theft of personal data) when integrating the transportation system with metaverse technology. A suggested methodology is conducted by experts and decision-makers using linguistic terms and spherical fuzzy numbers to express their opinions on evaluating the criteria and alternatives. Selecting the best security solution (alternative) is critical because it includes several conflict security criteria, such as data theft, authentication, security attacks, and others. This paper introduces a methodology for multi-criteria decision-making (MCDM) in a spherical fuzzy (SF) environment. The MCDM method dealt with various conflicting criteria, and SF dealt with uncertainty and vague information while evaluating the criteria and alternatives. The suggested methodology consists of two main phases. The first phase introduces the analytic hierarchy process (SF-AHP) method to compute the criteria weights. The second phase introduces the Weighted Aggregates Sum Product Assessment (SF-WASPAS) method to rank and select the best alternative. The results show the end-to-end authentication protocol is the best alternative (security solution). This study conducted a sensitivity analysis of the stability of the rank by changing the criteria’s weights. The sensitivity analysis results show that the end-to-end authentication protocol is the best alternative (security solution) in different cases. We compare the suggested methodology with six other MCDM methods: SF-TOPSIS, SF-VIKOR, SF-MABAC, SF-CODAS, SF-MARCOS, and SF-COPRAS to show the effectiveness of the proposed method. The results show that the presented methodology is robust compared to other MCDM methods.

materials science, multidisciplinary,physics, applied,nanoscience & nanotechnology

Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-22351-9_15

2019-01-01

Abstract: Information systems support organizations to achieve strategic competitiveness over other organizations and assist senior management in the decision-making process. In addition, they help organizations in timely implementation of projects and effective risk management. A reliable and coherent Information System requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. This paper provides an integrated framework that classifies and holistic view of challenges in Information Security Systems, and their interrelationships. The framework is expected to provide a basis that can be used to evaluate individual organizational members’ behavior and the adequateness of existing security measures.

Faramak Zandi,Madjid Tavana,David Martin

DOI: https://doi.org/10.1080/13675567.2010.550872

2011-02-01

International Journal of Logistics Research and Applications

Abstract:The rapid growth of the Internet and electronic commerce has given rise to electronic supply chain management (e-SCM) which enhances communication, coordination, and collaboration between the trading partners. However, when confronted by the range of e-SCM frameworks, organisations struggle to identify the one most appropriate to their needs. In this paper, we propose a novel fuzzy group multi-criteria method for e-SCM framework evaluation and selection. The contribution of the proposed method is fourfold: (1) it addresses the gaps in the SCM literature on the effective and efficient assessment of the e-SCM frameworks; (2) it is grounded in the excellence model introduced by the European Foundation for Quality Management; (3) it provides a comprehensive and systematic framework that combines real options analysis and the analytic hierarchy process with a group Electre method; and (4) it considers fuzzy logic and fuzzy sets to represent ambiguous, uncertain, or imprecise information. We also present the results of a real-world case study to demonstrate the applicability of the proposed framework and exhibit the efficacy of the procedures and the algorithms. We show that the proposed framework can help a group of decision makers to think systematically by decomposing the alternative evaluation process into manageable steps and integrating the results to arrive at a solution consistent with managerial goals and objectives. The analysis of this case study allows for the articulation of a series of key factors that can be considered important in contributing to the successful implementation of the e-SCM framework. The first element is getting the key people on board. The second factor is building internal alliances. The third key ingredient is the persistent and systematic process put in place to evaluate the e-SCM success.

management

Liang Liang,Peng Wang,Lin Tan

2013-01-01

Disaster Advances

Abstract:The comprehensive evaluation of information security risk is the key for executives in complex organizations to make macro decisions. Modern organizations have complicated structures and many levels. In addition, the influencing factors of organizing information security risk involve techniques, staffs and management. Under consideration of uncertainty on decision information, an improved fuzzy multi-criteria decision method is proposed. It combines fuzzy mathematics with partitioning method of space region, and provides a computing method for criteria weights by fusing criterion, thus to realize the comprehensive evaluation of organizing information security risk. Finally, an example of information security risk management for some large joint research project is taken to illustrate the guidance for actual work by the proposed method.

Irfan Syamsuddin

DOI: https://doi.org/10.5120/12120-8242

2013-10-12

Abstract:Information security plays a significant role in recent information society. Increasing number and impact of cyber attacks on information assets have resulted the increasing awareness among managers that attack on information is actually attack on organization itself. Unfortunately, particular model for information security evaluation for management levels is still not well defined. In this study, decision analysis based on Ternary Analytic Hierarchy Process (T-AHP) is proposed as a novel model to aid managers who responsible in making strategic evaluation related to information security issues. In addition, sensitivity analysis is applied to extend our analysis by using several "what-if" scenarios in order to measure the consistency of the final evaluation. Finally, we conclude that the final evaluation made by managers has a significant consistency shown by sensitivity analysis results.

Computers and Society,Cryptography and Security

Ghous Ali,Muhammad Nabeel,Adeel Farooq

DOI: https://doi.org/10.1007/s10115-024-02132-4

IF: 2.7

2024-06-16

Knowledge and Information Systems

Abstract:Due to the quick advancement of computer technology, the relevance of information has increased significantly for the banking sector. Protecting information security has consequently become a top priority for all banks. To solve this problem, a unique strategy is provided that extends an outranking technique named "ELiminating Et Choice Translating REality (ELECTRE)" in the context of a spherical cubic fuzzy (SCF) environment. The suggested SCF-ELECTRE-I technique employs concordance and discordance sets, as well as a directed decision graph to determine the optimal option. Accordingly, based on score and accuracy levels, three types of concordance and discordance sets are established, that is, weak, mid-range, and strong. Moreover, a multi-criteria group decision-making (MCGDM) strategy is proposed for evaluating online banking security concerns by integrating these sets as an application of our suggested method. Finally, a comparison is conducted with a few existing symmetrical approaches in order to confirm its validity and dependability.

computer science, information systems, artificial intelligence

Ahmed S. Alfakeeh,Abdulmohsen Almalawi,Fawaz Jaber Alsolami,Yoosef B. Abushark,Asif Irshad Khan,Adel Aboud S. Bahaddad,Alka Agrawal,Rajeev Kumar,Raees Ahmad Khan

DOI: https://doi.org/10.32604/cmc.2022.020146

2022-01-01

Abstract:Security is an important component in the process of developing healthcare web applications. We need to ensure security maintenance; therefore the analysis of healthcare web application's security risk is of utmost importance. Properties must be considered to minimise the security risk. Additionally, security risk management activities are revised, prepared, implemented, tracked, and regularly set up efficiently to design the security of healthcare web applications. Managing the security risk of a healthcare web application must be considered as the key component. Security is, in specific, seen as an add-on during the development process of healthcare web applications, but not as the key problem. Researchers must ensure that security is taken into account right from the earlier developmental stages of the healthcare web application. In this row, the authors of this study have used the hesitant fuzzy-based AHP-TOPSIS technique to estimate the risks of various healthcare web applications for improving security-durability. This approach would help to design and incorporate security features in healthcare web applications that would be able to battle threats on their own, and not depend solely on the external security of healthcare web applications. Furthermore, in terms of healthcare web application's security-durability, the security risk variable is measured, and vice versa. Hence, the findings of our study will also be useful in improving the durability of several web applications in healthcare.

Baowen Zhang,Jing Zhang,Ning Zhou,Mingang Chen

DOI: https://doi.org/10.1007/978-3-540-71549-8_28

2007-01-01

Abstract:Disaster prevention and recovery is an important branch of security informatics. People need to investigate the disaster prevention and recovery capacity of information systems in order to make them more robust. In this paper we propose a framework to evaluate the disaster defense ability of information systems. In the research a hierarchy of criterions is built up which covers both the disaster prevention ability and the disaster recovery ability. And a fuzzy assessment method is designed to fit the evaluating process. We also develop a software tool based on the framework to assist the information security evaluators.

Wajdi Alhakami

DOI: https://doi.org/10.3390/pr11051366

IF: 3.5

2023-04-30

Processes

Abstract:Numerous cyberattacks on connected control systems are being reported every day. Such control systems are subject to hostile external attacks due to their communication system. Network security is vital because it protects sensitive information from cyber threats and preserves network operations and trustworthiness. Multiple safety solutions are implemented in strong and reliable network security plans to safeguard users and companies from spyware and cyber attacks, such as distributed denial of service attacks. A crucial component that must be conducted prior to any security implementation is a security analysis. Because cyberattack encounters in power control networks are currently limited, a comprehensive security evaluation approach for power control technology in communication networks is required. According to previous studies, the challenges of security evaluation include a power control process security assessment as well as the security level of every control phase. To address such issues, the fuzzy technique for order preference by similarity to ideal solution (TOPSIS) based on multiple criteria decision-making (MCDM) is presented for a security risk assessment of the communication networks of energy management and control systems (EMCS). The methodology focuses on quantifying the security extent in each control step; in order to value the security vulnerability variables derived by the protection analysis model, an MCDM strategy incorporated as a TOPSIS is presented. Ultimately, the example of six communication networks of a power management system is modelled to conduct the security evaluation. The outcome validates the utility of the security evaluation.

engineering, chemical

Zhaoxi Hong,Yixiong Feng,Zhiwu Li,Yong Wang,Hao Zheng,Zhongkai Li,Jianrong Tan

DOI: https://doi.org/10.1016/j.future.2019.02.046

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:Energy Internet represents a critical breakthrough which is regarded as the synthetic product of information communication technologies and energy technologies. It is highly conducive to providing possible solutions for transforming energy management methods, reducing carbon emissions and achieving sustainable development. The extensive attention of scholars has been drawn to the progress of Energy Internet. However, the multi-objective optimisation and multi-criteria decision making (MCDM) for Energy Internet considering uncertainty still has some problems. (1) The actual number of optimisation objectives for Energy Internet design is more than two so that it is difficult to adopt conventional intelligence algorithms to solve it. (2) Most intelligence algorithms for double-objective optimisation model are not desirable. (3) The MCDM process of Energy Internet is not considered systematically. To solve these problems, an integrated approach combining improved great deluge algorithm (GDA), evidence reasoning (ER), interval algorithm, and fuzzy grey correlation analysis for multi-objective optimisation and MCDM of Energy Internet considering uncertainty is proposed in this paper. The practicality and effectiveness of the proposed approach are illustrated by a visual case study of Energy Internet design.

Muhammad Shakaib Akram,Aneela Malik

DOI: https://doi.org/10.1145/2307729.2307740

2012-01-01

Abstract:To encompass the multi-dimensional nature of e-government systems the current study presents a framework of citizens' adoption of e-government services by integrating technology acceptance and information systems success literature along with citizens' attitudinal beliefs. In the proposed framework, it has been posited that the qualities of e-government websites such as perceived system quality, perceived information quality and perceived service quality influence adoption of e-government services, by citizens, directly and indirectly through perceived ability to use, perceived functional benefit, trust in the medium, trust in the government and user satisfaction. We have used Structural equation modeling to test the proposed hypotheses. We find evidence that the effect of perceived information quality and perceived system quality on adoption of e-government services is totally mediated by perceived ability to use, perceived functional benefit, trust in medium, trust in government and user satisfaction. Moreover, we find significant effect of gender, education level, experience with internet and with e-government websites on citizens' adoption of e-government services. We expect that in developing countries, the findings will be useful for practitioners and implementers of e-government. These will help them in designing and implementing policies and strategies which will increase the adoption rate of e-government services. This will also help reduce confusions in the minds of citizens regarding e-government adoption.

Irfan Syamsuddin,Junseok Hwang

DOI: https://doi.org/10.48550/arXiv.1007.0302

2010-07-02

Computers and Society

Abstract:Changes in technology have resulted in new ways for bankers to deliver their services to costumers. Electronic banking systems in various forms are the evidence of such advancement. However, information security threats also evolving along this trend. This paper proposes the application of Analytic Hierarchy Process (AHP) methodology to guide decision makers in banking industries to deal with information security policy. The model is structured according aspects of information security policy in conjunction with information security elements. We found that cultural aspect is valued on the top priority among other security aspects, while confidentiality is considered as the most important factor in terms of information security elements.

Haider Abbas,Christer Magnusson,Louise Yngstrom,Ahmed Hemani

DOI: https://doi.org/10.1108/09685221111115836

2011-03-22

Abstract:Purpose The purpose of this paper is to address three main problems resulting from uncertainty in information security management: dynamically changing security requirements of an organization; externalities caused by a security system; and obsolete evaluation of security concerns. Design/methodology/approach In order to address these critical concerns, a framework based on options reasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture and decision making for handling these issues at organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy. Findings The paper shows through three examples that it is possible to have a coherent methodology, building on options theory to deal with uncertainty issues in information security at an organizational level. Practical implications To validate the efficacy of the methodology proposed in this paper, it was applied to the Spridnings‐och Hämtningssystem (SHS: dissemination and retrieval system) system. The paper introduces the methodology, presents its application to the SHS system in detail and compares it to the current practice. Originality/value This research is relevant to information security management in organizations, particularly issues on changing requirements and evaluation in uncertain circumstances created by progress in technology.

YAN Qiang,SHU Huaying,CHEN Zhong,DUAN Yunsuo

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.02.045

2006-01-01

Abstract:Security elements evaluation is a primary problem of information system security evaluation. However the security elements defined in evaluation standard GB 17859 are abstract and hard to measure directly. It has become an urgent task to establish an understandable and practicable evaluation method for security elements. Based on the research and development process of security evaluation tools, this paper introduces the factor-criteria-metrics-evidence (FCME) model, which is used in security elements evaluation process, and discusses the implementation of the model.

Abobakr Sultan,Khalid A. AlArfaj,Ghassan A. AlKutbi

DOI: https://doi.org/10.1108/17515631211286146

2012-11-02

Business Strategy Series

Abstract:The purpose of this paper is to warrant the success of applying information and communications technology (ICT) in e‐government projects, particularly in developing countries, through risk management and modeling of multi‐decision situation. This analytical approach would lead to effective and efficient management of e‐government projects. Risk management showed that other than information security risk, failures are common in e‐Government projects due to other factors particularly in most parts of developing countries. The problem is a complex multidimensional situation, since project mangers are usually faced with critical diverse decisions and alternatives from which to choose. Employing the multivariate technique of the analytic hierarchy process (AHP) allowed decision makers to implement the most important and efficient actions for successful e‐Government projects. The difficulty of e‐government projects is further complicated due to its compound multi‐attribute environment, considerable economic loss, and mal‐distribution of causes of failure. Using the AHP approach, e‐government case study revealed that – for e‐government success – the decision maker should tackle the highest influence of ICT skill issue because it is of more value than other alternatives: specifically twice, three times, and eight times more than, respectively, culture, leadership, and technology. This case study can provide an understanding into the risks and multi‐decision problem of e‐government projects success. Rather than disastrous subjective decisions, a systematic approach using AHP offered decision makers a rational answer to what are the highest priority obstacles to tackle to safe guard against failure of e‐government projects.