Maisa Mendonça Silva

A multidimensional approach to information security risk management using FMEA and fuzzy theory

We proposed an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory.This approach analyses five dimensions of information security.A numerical application was undertaken. Because of the evolution and widespread use of the Internet, organisations are becoming more susceptible to attacks on Information Technology Systems. These attacks result in data losses and alterations, and impact services and business operations. Therefore, to minimise these potential failures, this paper presents an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory. This approach analyses five dimensions of information security: access to information and systems, communication security, infrastructure, security management and secure information systems development. To illustrate the proposed model, it was applied to a University Research Group project. The results show that the most important aspects of information security risk are communication security, followed by infrastructure.

Information security risk analysis model using fuzzy decision theory

A risk analysis model for information security was proposed.The model is based on fuzzy decision theory.A taxonomy of events and scenarios using ETA methodology was developed.Alternatives can be ranked based on the criticality of the risk.The model provides information regarding the criticality causes of attacks.Results show that deliberate external database attack is the most risky alternative. This paper proposes a risk analysis model for information security assessment, which identifies and evaluates the sequence of events - referred to as alternatives - in a potential accident scenario following the occurrence of an initiating event corresponding to abuses of Information Technology systems. In order to perform this evaluation, this work suggests the use of Event Tree Analysis combined with fuzzy decision theory. The contributions of the present proposal are: the development of a taxonomy of events and scenarios, the ranking of alternatives based on the criticality of the risk, considering financial losses, and finally, the provision of information regarding the causes of information system attacks of highest managerial relevance for organizations. We included an illustrative example regarding a data center aiming to illustrate the applicability of the proposed model. To assess its robustness, we analyzed twelve alternatives considering two different methods of setting probabilities of the occurrence of events. Results showed that deliberate external database services attack represent the most risky alternative.

A time series model for estimating the generation of lead acid battery scrap

Waste electrical and electronic equipment (WEEE)—also known as e-waste—is one of the fastest growing problems throughout the world, due to serious future concerns over its management and recycling. These concerns involve the release of persistent toxic substances into the environment and the lack of reliable data about the quantities of waste being generated. Lead acid batteries (LABs) are a type of WEEE with short lifecycles and toxicity. This article proposes a mathematical approach for estimating LAB scrap by combining battery lifespans and car sales data with time series modeling. The results show that the number of vehicle sales grows at a relatively low rate compared to the growth of LAB scrap generation, showing the ripple effect of waste. The main contribution of this proposal is that the time series model can be used to estimate LAB scrap generation data by utilizing car sales data and lifespan estimation.

Probabilistic Composition of Preferences in the Graph Model with Application to the New Recife Project

AbstractA multiple-criteria decision analysis approach, probabilistic composition of preferences, that takes uncertainty as expressed by probability into account, is proposed to rank states within ...

Multi-criteria analysis for municipal solid waste management in a Brazilian metropolitan area

The decision-making process involved in municipal solid waste management (MSWM) must consider more than just financial aspects, which makes it a difficult task in developing countries. The Recife Metropolitan Region (RMR) in the Northeast of Brazil faces a MSWM problem that has been ongoing since the 1970s, with no common solution. In order to direct short-term solutions, three MSWM alternatives were outlined for the RMR, considering the current and future situations, the time and cost involved and social/environmental criteria. A multi-criteria approach, based on the Preference Ranking Organization Method for Enrichment Evaluations (PROMETHEE), was proposed to rank these alternatives. The alternative that included two private landfill sites and seven transfer, sorting and composting stations was confirmed as the most suitable and stable option for short-term MSWM, considering the two scenarios for the criteria weights. Sensitivity analysis was also performed to support the robustness of the results. The implementation of separate collections would minimize the amount of waste buried, while maximizing the useful life of landfill sites and increasing the timeframe of the alternative. Overall, the multi-criteria analysis was helpful and accurate during the alternative selection process, considering the similarities and restrictions of each option, which can lead to difficulties during the decision-making process.

Analysis of IT Outsourcing Services Failures Based on an Existing Risk Model

Outsourcing services have been one of the strategic measures adopted with regard to directing the focus of a company to its core business. However, companies which try to adopt Information Technology outsourcing have been faced with several threats. Therefore, the purpose of this paper is to show the applicability of an existing risk management model to deal with uncertainties in outsourcing services. The main idea is to combine Failure Modes and Effect Analysis (FMEA) with Fuzzy Logic to detect which of the different dimensions considered is more likely to fail. To show the applicability of the model, a hypothetical example was conducted with the knowledge of an expert. The result of the model is important as this will assist managers in preventing potential failures.

Urban Planning in Recife, Brazil: Evidence from a Conflict Analysis on the New Recife Project

AbstractAn urban planning conflict, the New Recife Project (NRP), located in the city of Recife, Brazil, is analyzed by means of the Graph Model for Conflict Resolution in order to obtain strategic...

As empresas da Região Metropolitana do Recife e a exploração de SI/TI

This article presents the first results obtained with an investigation about the exploration of Information Systems (IS) and Information Technology (IT) in 37 (thirty seven) companies of the Metropolitan Area of Recife (RMR), being these in your majority deprived companies, that they act in the service branch, with medium annual billing below R

Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory

500.000,00. This exploratory study has for objective to familiarize the researchers with the reality of the use of IS/IT in this area and to allow the construction of hypotheses about theme.

A Grey Theory Based Approach to Big Data Risk Management Using FMEA

Abstract Cybersecurity, which is defined as information security aimed at averting cyberattacks, which are among the main issues caused by the extensive use of networks in industrial control systems. This paper proposes a model that integrates fault tree analysis, decision theory and fuzzy theory to (i) ascertain the current causes of cyberattack prevention failures and (ii) determine the vulnerability of a given cybersecurity system. The model was applied to evaluate the cybersecurity risks involved in attacking a website, e-commerce and enterprise resource planning (ERP), and to assess the possible consequences of such attacks; we evaluate these consequences, which include data dissemination, data modification, data loss or destruction and service interruption, in terms of criteria related to financial losses and time for restoration. The results of the model application demonstrate its usefulness and illustrate the increased vulnerability of e-commerce to cybersecurity attacks, relative to websites or ERP, due partly to frequent operator access, credit transactions and users’ authentication problems characteristic of e-commerce.