Pamela R. McCauley-Bell

Fuzzy modeling and analytic hierarchy processing to quantify risk levels associated with occupational injuries. I. The development of fuzzy-linguistic risk levels

This paper presents the Part I in a two-phase research project to develop a fuzzy-linguistic expert system for quantifying and predicting the risk of occupational injury, specifically, cumulative trauma disorders of the forearm and hand. This aspect of the research focuses on the development and representation of linguistic variables to qualify risk levels. These variables are then quantified using fuzzy-set theory, thus allowing the model to evaluate qualitative and quantitative data. These linguistic risk variables may be applied to other potentially hazardous environments. The three phases of the knowledge acquisition and variable development are covered, as well as the feasibility of the linguistic variables.

Evaluation of the human impact of password authentication practices on information security

Introduction The increase in computing and networking expansion as well as increases in threats have enhanced the need to perpetually manage information security within an organization. Although there is literature addressing the human side of information security, events such as 9/11 and the war on terrorism has created more of a burden for organizations, government and private industry, enhancing the need for more research in information security. Carnegie Mellons Computer Emergency Response Team (2004) has collected statistics showing that 6 security incidents were reported in 1988 compared to 137,529 in 2003. A survey by the Federal Bureau of Investigation (FBI) suggested that 40% of organizations surveyed claimed that system penetrations from outside their organization have increased from the prior year by 25% (Ives, Walsh, & Schneider, 2004). The U.S. Department of Homeland Security (2002) is concerned with the need for information security measures. Therefore, the Federal Information Security Management Act of 2002 was put into place for the purposes of protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability of information. The government has an information security responsibility ranging from protecting intelligence information to issuing social security numbers for each citizen. Private industry must also be concerned with information security as it is vital for the livelihood of any company to protect customers personal information along with the management of each companys supply chain (Olivia, 2003). Earlier research identified the presence of human error risks to the security of information systems (Wood & Banks 1993, Courtney as cited in NIST, 1992). A survey conducted by one of the authors, identified password issues as the second most likely human error risk factor to impact an information system. The significance of this is enhanced when realizing that passwords are the primary source of user authentication for the majority of personal and private information systems. The past research findings of password issues as a human error risk factor has been further identified as a threat to security by the University of Findlay Center for Terrorism Preparedness (2003), who developed a vulnerability assessment methodology to better help organizations identify their weaknesses in terms of information security. Extensive password requirements can overload human memory capabilities as the number of passwords and their complexity level increases. The exponential growth in security incidents (Carnegie Mellon Computer Emergency Response Team, 2004) requires a comprehensive approach to the development of password guidelines which do not exceed human memory limitations yet maintain strength of passwords as necessitated by the information technology (IT) community. The IT community consists of network administrators or security officers who are directly responsible for information security in terms of integrity, confidentiality, and availability of information. In earlier investigations, over 50% of incidents that occur within government and private organizations have been connected to human errors (NIST, 1992). The impact of human error on information security is an important issue that left unresolved can have adverse affects on industry. This research is focused on measuring the impact of password demands as a means of authentication and mitigating the risks that result when these demands exceed human capabilities. Literature Review Information Security Information security involves making information accessible to those who need the information, while maintaining integrity and confidentiality. The three categories that are used to classify information security risks are confidentiality, integrity, and accessibility or availability of information (U. …

Fuzzy modeling and analytic hierarchy processing-means to quantify risk levels associated with occupational injuries. II. The development of a fuzzy rule-based model for the prediction of injury

This paper presents the second phase in a two-part research project to develop a fuzzy rule-based expert system for predicting occupational injuries of the forearm and hand. Analytic hierarchy processing (AHP) is used to assign relative weights to the identified risk factors. A fuzzy rule base is constructed with all of the potential combinations for the given factors. The input parameters are linguistic variables obtained in the first part of the research. These inputs are fuzzified and defuzzified to provide two system outputs: a linguistic value and a numeric value as a prediction of injury. The system provides linguistic risk levels as well as quantified risks in assessing the overall risk of injury. The system evaluation was conducted resulting in calculations for Type I and Type II errors. The contributions and limitations of the system are discussed.

An Evaluation of Municipal Solid Waste Composition Bias Sources

The University of Central Florida (UCF) was contracted by the Florida Center for Solid and Hazardous Waste Management (FCSHWM) to develop a well-defined methodology for conducting municipal solid waste composition studies. This methodology must account for the statistical variations in waste composition, be economical and practical in implementation, and build on a consensus of waste management professionals. This paper identifies possible sources of bias in waste composition study results and provides guidance for future planning of local waste stream composition analysis. To accomplish this objective, a composition study was designed and implemented for Marion County, FL, in fall 1996. The potential sources of concern investigated in detail were sample weight and contamination. The methodology developed by UCF is statistically valid and if widely implemented would provide a better representation of the waste stream. Lack of contamination adjustment is a major contributor to error in the waste stream analysis and should be accounted for in the methodology. For sample sorts using a large number of categories, sample size may be a contributor to bias. This likelihood for bias can be reduced by increasing the sample weight to at least200 kg, particularly when sorting commercial loads or reducing the number of categories.

Intelligent agent characterization and uncertainty management with fuzzy set theory: a tool to support early supplier integration

This research performed an analysis of the existing categories for agent classification and characterization. The methodology developed fuzzy set theory based intelligent agents designed to promote integration of suppliers into the early stages of product development. The first stage in the project personified the anticipated agents by giving them roles that correlated with humanistic tendencies or professions. The project produced a multidimensional profile for agents by providing an analysis of three personality traits: aggressiveness, attractiveness, and vulnerability. The value associated with each of these traits is obtained through different functions which consider the degree of anticipated interaction between the agent, other agents, and the external environment. Further, the types of uncertainty associated with decision making are identified and assigned. The personality traits are used to describe the expected behavior of the agent and are assigned at the initiation o f a given task. Conversely, the measures of uncertainty are invoked at the completion of the task to provide a series of metrics related to the quality of information or task performed. The developed generic fuzzy intelligent agent model was programmed into two of the types of agents using JAVA. The agents successfully communicated with each other while permitting examination of the uncertainty. The result of the methodology is the creation of a frame that can be used to develop multiple fuzzy agents. Further, this research presents one of the first instantiations of a fuzzy agent. Finally, a hypothetical application of these agents is proposed to support architectural innovation in product development. This example promotes early supplier integration into the product development phase through the use of electronic communication and management of the interactions through intelligent agents. The details of computer programming are left for presentation in a succeeding article.

Techniques and Applications of Fuzzy Theory in Quantifying Risk Levels in Occupational Injuries and Illnesses

Publisher Summary The creation of predictive models for occupational injuries and illnesses is often hampered by the variability associated with human anthropometry and performance, because traditional modeling techniques often experience difficulties, when trying to identify the onset of injuries and illnesses—particularly with cumulative trauma disorders (CTDs). This chapter provides an overview of the applicability of fuzzy set theory to modeling risks of occupational injuries and illnesses. The techniques presented in this chapter represent an evolution in the modeling of occupational injuries. The ability to model these injuries in a manner that is commensurate with their occurrence is attainable with the tools of fuzzy set theory. Fuzzy modeling is a very appropriate tool because of its ability to accommodate the variability, use linguistic variables, and provide quantitative outputs. However, future application and evaluation of these guidelines will be useful in determining the long term usefulness of this methodology.

Development of a Model for Determining the Impact of Password Authentication Practices on Information Security

This research focuses on the development of a model for evaluating the human impact that password authentication issues are having on the security of information systems. Through observational analysis, organizational policy, and retrospective analysis, researchers created a model for predicting the vulnerability that a particular set of conditions will have on the likelihood of error in an information system. The methodology for the experiment and analysis of the results are presented. The findings indicate that human error associated with password authentication can be significantly reduced through the use of passwords which are comprised of meaningful data for the user and which meet the information technology community requirement for strength of password. The details of this study are provided as well as the human factors implications in information security.

A model to predict accommodations needed by disabled persons

In this paper, several approaches to assist employers in the accommodation process for disabled employees are discussed and a mathematical model is proposed to assist employers in predicting the accommodation level needed by an individual with a mobility-related disability. This study investigates the validity and reliability of this model in assessing the accommodation level needed by individuals utilizing data collected from twelve individuals with mobility-related disabilities. Based on the results of the statistical analyses, this proposed model produces a feasible preliminary measure for assessing the accommodation level needed for persons with mobility-related disabilities. Suggestions for practical application of this model in an industrial setting are addressed.