Thiago Poleto

A multidimensional approach to information security risk management using FMEA and fuzzy theory

We proposed an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory.This approach analyses five dimensions of information security.A numerical application was undertaken. Because of the evolution and widespread use of the Internet, organisations are becoming more susceptible to attacks on Information Technology Systems. These attacks result in data losses and alterations, and impact services and business operations. Therefore, to minimise these potential failures, this paper presents an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory. This approach analyses five dimensions of information security: access to information and systems, communication security, infrastructure, security management and secure information systems development. To illustrate the proposed model, it was applied to a University Research Group project. The results show that the most important aspects of information security risk are communication security, followed by infrastructure.

Information security risk analysis model using fuzzy decision theory

A risk analysis model for information security was proposed.The model is based on fuzzy decision theory.A taxonomy of events and scenarios using ETA methodology was developed.Alternatives can be ranked based on the criticality of the risk.The model provides information regarding the criticality causes of attacks.Results show that deliberate external database attack is the most risky alternative. This paper proposes a risk analysis model for information security assessment, which identifies and evaluates the sequence of events - referred to as alternatives - in a potential accident scenario following the occurrence of an initiating event corresponding to abuses of Information Technology systems. In order to perform this evaluation, this work suggests the use of Event Tree Analysis combined with fuzzy decision theory. The contributions of the present proposal are: the development of a taxonomy of events and scenarios, the ranking of alternatives based on the criticality of the risk, considering financial losses, and finally, the provision of information regarding the causes of information system attacks of highest managerial relevance for organizations. We included an illustrative example regarding a data center aiming to illustrate the applicability of the proposed model. To assess its robustness, we analyzed twelve alternatives considering two different methods of setting probabilities of the occurrence of events. Results showed that deliberate external database services attack represent the most risky alternative.

The Roles of Big Data in the Decision-Support Process: An Empirical Investigation

The decision-making process is marked by two kinds of elements: organizational and technical. The organizational elements are those related to companies’ day-to-day functioning, where decisions must be made and aligned with the companies’ strategy. The technical elements include the toolset used to aid the decision making process such as information systems, data repositories, formal modeling, and analysis of decisions. This work highlights a subset of the elements combined to define an integrated model of decision making using big data, business intelligence, decision support systems, and organizational learning all working together to provide the decision maker with a reliable visualization of the decision-related opportunities. The main objective of this work is to perform a theoretical analysis and discussion about these elements, thus providing an understanding of why and how they work together.

Information technology outsourcing relationship integration: a critical success factors study based on ranking problems (P.γ) and correlation analysis

Information technology (IT) outsourcing is an interesting alternative for companies that want to obtain certain benefits by delegating IT activities to a provider to keep their focus on their core activities. This outsourcing involves a process that begins with the provider selection, passing through a series of negotiations, and reaching the definition of a contract, which will guide and delimitate the execution of activities, the interaction, and the relationship between the involved parties. To ensure the success of this relationship, several factors under contractual and relational governances have been defined in the literature. This work aims to corroborate the importance of literature findings about contractual aspects and critical success factors by presenting a ranking and correlation analysis and emphasize that companies may use these factors as criteria to improve their outsourcing relationships by developing a partnership status. To meet this objective, we established the main aspects and factors based on the literature, resulting in specific sets. Then, a survey was conducted with outsourcers and providers in the Recifes IT pole (Pernambuco, Brazil) to collect data and determine the relative importance and correlations between the elements of these sets using a methodology based on ranking problems (P.γ) and nonparametrical correlation analysis.

The Full Knowledge of Big Data in the Integration of Inter-Organizational Information: An Approach Focused on Decision Making

Big Data is a radical shift or an incremental change for the existing digital infrastructures, that include the toolset used to aid the decision making process such as information systems, data repositories, formal modeling, and analysis of decisions. This work aims to provide a theoretical approach about the elements necessary to apply the big data concept in the decision making process. It identifying key components of the big data to define an integrated model of decision making using data mining, business intelligence, decision support systems, and organizational learning all working together to provide decision support with a reliable visualization of the decision-related opportunities. The concepts of data integration and semantic also was explored in order to demonstrate that, once mined, data must be integrated, ensuring conceptual connections and bequeathing meaning to use them appropriately for problem solving in decision.

Analysis of IT Outsourcing Services Failures Based on an Existing Risk Model

Outsourcing services have been one of the strategic measures adopted with regard to directing the focus of a company to its core business. However, companies which try to adopt Information Technology outsourcing have been faced with several threats. Therefore, the purpose of this paper is to show the applicability of an existing risk management model to deal with uncertainties in outsourcing services. The main idea is to combine Failure Modes and Effect Analysis (FMEA) with Fuzzy Logic to detect which of the different dimensions considered is more likely to fail. To show the applicability of the model, a hypothetical example was conducted with the knowledge of an expert. The result of the model is important as this will assist managers in preventing potential failures.

Selection of a Business Process Management system: An analysis based on a Multicriteria problem

Business Process Management (BPM) is known as a management approach that uses tools and methods to support business process analysis, project and control in an efficient manner. A prominent means by which to ensure the success of BPM is by using Information Technology (IT) tools as Business Process Management Systems (BPMS). However, the selection of a BPMS is not an easy task since there are several different types of systems, and each has its own specific characteristics. Due to the complexity of the problem, a systematic proposal, based on Multicriteria Decision Aid, is put forward for selecting BPMS considering the needs of a given organization. In order to illustrate the applicability of the proposal, two cases studies were developed, together with two different IT experts, which provided satisfactory results and evidence that the proposal is appropriate for this kind of problem.

Group Decision Approach to Adopt Green IT Practices Based on S.W.O.T Analysis

Green Information Technology - IT - refers to IT practices and products that seek to prevent pollution and sustain development. By implementing Green IT practices, organizations can reduce the amount of energy spent and develop efficient technology products. However, the decision by an organization to adopt green IT is based on several considerations. Thus, this article puts forward an approach to support the decision process of adopting Green IT practices by group decision. Given this objective, SWOT analysis is an essential tool for strategic decision-making. It also combines the use of a multicriteria method with integer programming to support this process. Finally, a hypothetical case is presented in order to illustrate the applicability of the model.

Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory

Abstract Cybersecurity, which is defined as information security aimed at averting cyberattacks, which are among the main issues caused by the extensive use of networks in industrial control systems. This paper proposes a model that integrates fault tree analysis, decision theory and fuzzy theory to (i) ascertain the current causes of cyberattack prevention failures and (ii) determine the vulnerability of a given cybersecurity system. The model was applied to evaluate the cybersecurity risks involved in attacking a website, e-commerce and enterprise resource planning (ERP), and to assess the possible consequences of such attacks; we evaluate these consequences, which include data dissemination, data modification, data loss or destruction and service interruption, in terms of criteria related to financial losses and time for restoration. The results of the model application demonstrate its usefulness and illustrate the increased vulnerability of e-commerce to cybersecurity attacks, relative to websites or ERP, due partly to frequent operator access, credit transactions and users’ authentication problems characteristic of e-commerce.

The Main Critical Success Factors of Contractual and Relational Governances in Outsourcing Relationships

The relationship between organizations involved in Information and Communication Technology Outsourcing is a key factor for the success of the provision of services. When all parties involved work together, they achieve a high level of cooperation and create a partnership marked by mutual trust and intensive exchange of experiences and knowledge sharing. This work aims to present the results of a survey conducted in one of the greatest information and communication technology poles of Brazil. Several concepts related to contractual and relational governances in outsourcing were identified and allocated within two sets of constructs. Finally, Spearman’s correlation tests were performed to check the strength of the correlations within each set.