| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 1025605 | International Journal of Information Management | 2014 | 8 Pages |
•We proposed an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory.•This approach analyses five dimensions of information security.•A numerical application was undertaken.
Because of the evolution and widespread use of the Internet, organisations are becoming more susceptible to attacks on Information Technology Systems. These attacks result in data losses and alterations, and impact services and business operations. Therefore, to minimise these potential failures, this paper presents an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory. This approach analyses five dimensions of information security: access to information and systems, communication security, infrastructure, security management and secure information systems development. To illustrate the proposed model, it was applied to a University Research Group project. The results show that the most important aspects of information security risk are communication security, followed by infrastructure.
