Abstract

In the current society of rapid expansion of information, big data have achieved vigorous development in all walks of life, considerably promoting data transmission and information sharing. Meanwhile, individuals are becoming increasingly reliant on big data and the Internet, but at the same time the threat to information security posed by big data is becoming increasingly visible. As a result, how to protect the information security of big data has attracted the interest of both government and businesses. The essence of information security management is risk management, and the two are closely related. Therefore, this study focuses on two aspects. On the one hand, most existing risk management models merely describe risk management in the abstract at a macro-level and lack research on risk assessment, making them ineffective. This research builds a novel information security risk management model on the basis of existing risk management models and the concept of multidimensional risk management. To achieve multidimensional dynamic management of big data risks and keep them within an acceptable range as far as possible, the model is divided into five layers and two dimensions. On the other hand, this research also optimizes and improves the fuzzy mathematical analysis method and proposes a fuzzy comprehensive assessment method as the core algorithm of the risk assessment layer in the model. As a post-event risk assessment method, its advantage is that it can comprehensively consider the factors affecting risk and can quantify some assessment factors in a real network, achieving an effective combination of qualitative and quantitative analysis and thereby providing a basis for decision-making in risk analysis and risk control. Finally, the effectiveness of the risk model in real applications is verified by example analysis, and it is intended that this work provides assistance and assurance for big data information security management.

1. Introduction

Big data have now penetrated various fields of economic and social development, allowing everyone to benefit from the many advantages of big data and the Internet in production and daily life. At the same time, as people’s demand for network data expands, the problem of information security and risk grows in importance, and more and more enterprises and users are confronted with information security threats such as phishing websites, privacy leakage, hacker intrusion, and computer viruses [1, 2]. Big data information security affects not only the efficient operation of the entire network environment but also the lives of individuals, the economic benefits of enterprises, and even the country’s security and stability. As a result of the rapid growth of big data in a variety of fields, information security issues have gained unprecedented attention. At the moment, protecting big data information security remains a major concern. On the one hand, as the volume of network data grows rapidly with the development of big data, protecting it becomes increasingly complex. On the other hand, hidden big data security risks such as telecommunication fraud and information trafficking remain latent, driven by huge commercial interests. Furthermore, many people’s understanding of information security is still limited to simple device protection and lacks risk management awareness. All of the reasons mentioned above have contributed to the challenges of big data information security management. As a result, one of the most urgent issues in the field of information security is how to ensure the information security of big data.

Risk management is at the core of information security management [3]. To put it another way, security and risk are inextricably linked. Because risks are ubiquitous in today’s big data world, information security risk management technology based on big data has emerged to meet this need. The goal of big data information security risk management is to analyze and quantify the basic data collected via the Internet in order to identify potential network risk factors, determine the level of risk through a risk assessment method, and then implement appropriate control strategies to reduce the risk as much as possible, so that the level of risk is finally kept within a reasonable range. Information security risk management in the big data environment can systematically and comprehensively identify potential risk factors in the network and detect network security incidents in a timely manner. Furthermore, it can evaluate the network’s risk posture in real time and grasp the pattern of risk development from the assessment results, guiding risk control and improving the network’s security defense capabilities [4]. It can be claimed that the contemporary understanding of information security risk management in the context of big data has substantially increased, and that the level of attention has grown. However, it is evident that security issues arising from big data continue to be a problem. The existing passive, ex post, single-dimensional risk management model may contribute to this. As a result, risk management research remains essential for big data security protection.

Judging by the state of development of information security risk management at home and abroad, risk management has emerged as one of the frontier research topics in the field of information security today. In most nations, relevant institutions and researchers have carried out active and valuable research on this topic. Reference [5] investigated a network traffic analysis method and used data mining techniques to create a network risk management model. Reference [6] constructed a risk management model consisting of four major elements: policy, detection, assessment, and response. In this model, policy is at the core, and the other three elements constrain each other in pairs. To reduce the overhead of the model in network risk management, reference [7] created and implemented a network information security management system employing three resilient network design strategies. According to the findings of these studies, the majority of existing information security risk management models follow a single design criterion. At the same time, risk assessment is usually focused on post-event evaluation, with no dynamic tracking or multidimensional risk analysis, which is not favorable to risk management. Most researchers now agree that risk management should be viewed as a dynamic cyclical process in which risk assessment plays a significant role. Information security risk assessment refers to the process of scientifically identifying and evaluating the confidentiality, integrity, availability, and security of information systems and the information they transmit and store [8]. Strengthening risk assessment and controlling and managing risks are objective needs and urgent requirements of current information security work. Scholars have also studied risk assessment methodologies extensively for this purpose, resulting in a large number of academic achievements. Based on their calculation principles, these can be categorized into qualitative analysis methods, quantitative analysis methods, and methods integrating qualitative and quantitative analysis [9, 10]. Some of the more widely used risk assessment methods are decision tree analysis [11], fault tree analysis [12], analytic hierarchy process [13], fuzzy mathematical analysis [14], matrix analysis [15], probabilistic risk assessment [16], dynamic probabilistic risk assessment [17], and cause-consequence assessment [18].

Although research on information security risk management has made significant progress and has had a beneficial impact on big data security management, certain shortcomings remain. They are mainly manifested in the following aspects: first, most previous risk management models define risk management abstractly at the macro-level and do not take into account the temporal and spatial aspects of risk in a multidimensional way. Second, existing risk assessment methods are often tailored to a particular setting, and the risk assessment indicators they consider are not comprehensive enough. In light of these issues, this study optimizes the construction of the risk management model and the risk assessment algorithm on the basis of existing risk management models to improve the reliability of big data information security management. First, this study builds a multidimensional information security risk management model for big data. The model has five layers and two dimensions. At the macro-level, risk management is carried out in two dimensions: the temporal characteristics of risk development and the spatial characteristics of risk propagation. At the micro-level, the model is divided into five layers: multisource information layer, basic data analysis layer, risk posture assessment layer, risk posture analysis layer, and risk control layer, forming a dynamic circular structure. As a result, it achieves dynamic risk management and control while also enhancing big data security defense capabilities. Second, this study presents a combined qualitative and quantitative risk assessment method for the risk posture assessment layer of the model to increase the model’s reliability in big data risk management. This method has considerable advantages in dealing with the multifactor, dynamic, and complex nature of big data. It helps to identify risk factors in big data comprehensively and systematically, so as to reduce the risk as much as possible. Finally, examples are used to explain the calculation process of the enhanced risk assessment method, and the effectiveness of the risk management model developed in this research is demonstrated in real applications.

2.1. Content and Process of Information Security Risk Management

Information security management is a complicated and dynamic system process that seeks to preserve the confidentiality, integrity, and availability of information. Risk management in the context of information security can be thought of as a dynamic process for reducing risks over time. Its goal is to detect hidden network security threats in real time through risk identification and risk assessment, and to modify security policies as needed, in order to reduce risk to an acceptable level as far as feasible [19]. Therefore, as one of the basic and core tasks of information security, information security risk management covers four aspects: object determination, risk assessment, risk control, and checking and monitoring. Among them, object determination includes the three elements of information asset identification, vulnerability identification, and threat identification. The detailed process is shown in Figure 1.

As illustrated in Figure 1, the information security risk management process mainly includes the following steps.

Step 1. Object Determination. This link mainly analyzes and quantifies the basic information collected from the information network and determines the risk management object.

Step 2. Risk Assessment. This step is mainly to identify, analyze, and evaluate the risks faced by the risk management object.

Step 3. Risk Control. Based on the results of risk assessment, the security strategy is timely adjusted and network security is strengthened during key hours to control the spread of risks.

Step 4. Check and Monitor. This step is mostly used to perform the prior three steps’ checks and monitoring. The goal of the check is to see whether the results of the previous three steps match the information network’s security criteria using technical means and whether the decision-making level approves the check results. The goal of monitoring is to ensure that the above three steps are both effective and cost-efficient.

In summary, the above steps will form a dynamic cycle when the information network generates new data or faces new risks, ensuring that the information network can continuously respond to new security requirements and risks.

2.2. Information Security Risk Management Model

At present, there is no unified identification standard for information security risk management models in the information security field. As a result, most businesses and organizations tend to develop their own risk management models based on their business goals and security requirements. However, scholars at home and abroad generally agree that the information security risk management model should be a dynamic and cyclical process. Based on this, a number of dynamic risk management models have also been generated, and the representative ones are PDCA model [20], P2DR model [21], APPDRR model [22], and PADIMEE model [23].

2.2.1. PDCA Model

The PDCA (plan-do-check-action) model is a management-oriented risk management model. When the model is applied, it is sequentially executed in the order of plan-do-check-action. Each execution of this process represents a life cycle of the model. After each cycle of the management process, the risk in the network will be improved to a corresponding degree, so as to enter the next more advanced management cycle. In this way, thanks to the repeated cycle of plan-do-check-action management process, the network’s security defense capability can be continuously optimized. The PDCA model is depicted in Figure 2.

2.2.2. P2DR Model

The P2DR model is a dynamic risk management model with the typical characteristics of dynamics and time, and it is currently one of the most extensively used risk management models in the field of information security. The model consists of four elements: policy, protection, detection, and response. In the P2DR model, policy is the core element, and protection, detection, and response are all implemented around the security policy, together forming a complete and dynamic security cycle. The working process of the P2DR model is as follows: on the one hand, under the control and guidance of the overall security policy, the model uses traditional static security technologies or methods (such as firewalls, encryption, and identity authentication) to strengthen the security protection of the network. On the other hand, the vulnerabilities of the network itself and external threats are detected and monitored through detection tools. In response to the detected vulnerabilities and threat events, effective responses are made through feedback loops, and security policies and protection measures are adjusted in a timely manner. In this way, the risk of the network is minimized and the security of the network is enhanced. Figure 3 illustrates the P2DR model.

2.2.3. APPDRR Model

Similarly, as a dynamic risk management model, the APPDRR model reflects the dynamic spiral process of cyber security. It consists of six elements: analysis, policy, protection, detection, response, and recovery. It is worth noting that in the APPDRR model, the importance of each element is not exactly the same. For successful network protection, it is required to deploy a combination of protection tools as directed by the security policy. However, due to the rapid development of numerous intrusion technologies, network risks exist in real time, making absolute network security impossible to ensure. As a result, risk analysis is regarded as the most significant part of risk management in this model, and it occupies a central place in the model. Network managers identify and analyze the risks of security events and then utilize related security strategies and protection means to decrease or eliminate the risks according to the analysis results. The adjustment of security policy, on the other hand, will result in a change in network risk, and the cycle will repeat, producing a dynamic spiral of risk management. The APPDRR model is shown in Figure 4.

2.2.4. PADIMEE Model

The three risk management models presented above are, in general, mostly concerned with theoretical study. As a result, they offer network managers little process-oriented guidance in practice. The PADIMEE model, on the other hand, is a risk management model designed by Ann & Co. that focuses on engineering implementation. The PADIMEE model comprises policy, assessment, design, implementation, management, emergency response, and education, and aims to fundamentally reduce the risk of network systems. The seven major links listed above work together to create a continuous and circular risk management process. It should be noted that this model is the first to elevate the necessity of security education to such a level, and it does so throughout the model’s entire life cycle. This reflects the model’s emphasis on the role of people in risk management. Figure 5 displays the PADIMEE model.

3. Build a Multidimensional Dynamic Management Model of Information Security Risk for Big Data

Information security risk management for big data is a dynamic and changing process, as the generation and development of risks are not static and are easily disrupted by a variety of external factors. This research focuses on the multidimensionality and dynamics of risk and builds an information security risk management model for big data. In addition, the model proposes a risk assessment method based on fuzzy mathematical evaluation to improve the model’s dependability in big data risk management.

3.1. The Multidimensional Dynamic Management Model of Information Security Risk

To begin, risk management is adjusted at the macro-level using the two dimensions of the temporal development law of risks and the characteristics of risk propagation to strengthen risk management and control. Furthermore, the model is separated into five layers at the micro-level: multisource information layer, basic data analysis layer, risk posture assessment layer, risk posture analysis layer, and risk control layer, resulting in a dynamic cycle structure for risk management. Figure 6 shows the framework of the information security risk management model.

As seen in Figure 6, unlike typical risk management models, the model introduced in this study is a dynamic cyclic model. The model is divided into five layers and two dimensions. The specific working principle is that in the dimension of risk-based time development law, the five layers in the model perform five functions of network basic information collection, risk identification and quantification, risk assessment, risk timing analysis, and risk control. In the dimension of risk-based propagation characteristics, the above five layers perform the functions of information collection, risk identification and quantification, risk spatial analysis (i.e., risk propagation characteristic analysis and prediction in the intranet), and risk control of the information network, respectively. Meanwhile, in the above two dimensions, the network after adjusting the security policy will provide new data samples for the multisource data layer, and so on, in a dynamic cycle.

3.2. Risk Assessment Method Based on the Fuzzy Mathematical Evaluation

To cope with the rapidly changing network risks, this study focuses on the risk posture assessment layer in the above-constructed multidimensional dynamic management model of information security risks. The research optimizes the risk evaluation index system and presents an enhanced fuzzy risk assessment method based on the classic fuzzy mathematical evaluation method. The novel method can give dynamic data for the next layer of model management, assisting administrators in discovering security flaws and dynamically adjusting security policies in real time, thus realizing dynamic assessment of information risks. As an ex post assessment method, the working principle of the new method mainly contains the following steps: first, the set of factors and evaluation set of the assessment object are constructed. Secondly, the weight fuzzy matrix of each factor and the relationship fuzzy matrix are established to enhance the completeness of the evaluation index system. Finally, the relationship fuzzy matrix and the weight matrix of each factor are fuzzy-computed and normalized to obtain the final risk assessment value. The benefit of this is that the new method may objectify ambiguous objects in the real world, allowing for a more effective combination of qualitative and quantitative data, and thereby lowering the impact of human subjective elements on evaluation outcomes. The following is a complete description of the procedure.

3.2.1. Determine the Factor Set and Assessment Set of the Risk Management Object

Assume that A is the set of all objects to be evaluated in risk management, as shown below:

R = (very low, low, medium, high, very high) is defined as the set of risk levels. To facilitate the subsequent description and calculation, we first quantified the risk levels, as detailed in Table 1.

3.2.2. Build Relationship Fuzzy Matrix

A membership degree can generally be utilized to explain the fuzzy boundaries of objective items, according to fuzzy set theory [24]. The membership function can then be used to express the degree of membership. It is crucial to create a membership function for any risk evaluation factor in order to determine the relationship fuzzy matrix of the assessment object. To put it another way, all of the risk assessment factors in set A are assessed. Through their respective membership functions, the membership functions of each individual index corresponding to the five risk levels on R are produced. Consider the confidentiality factor. Assume we have a set of measured values for the factor. Then, the membership degree of each risk factor belonging to each risk level can be obtained using the membership function. Similarly, fuzzy matrices of integrity factor and availability factor can be generated. The asset factor is determined by the combination of these three components. Therefore, combining the fuzzy matrices of these three factors together, the relational fuzzy matrix of the asset factors can be obtained, whose size is 3 × 5. Finally, the three factors of asset, vulnerability, and threat together form the relational fuzzy matrix of integrated risk, which is denoted as T.

3.2.3. Construct the Weight Fuzzy Matrix

Indicators with higher risk levels should be given more weight, resulting in larger weight values. Let be the weight value of each individual indicator, and W be the weight fuzzy matrix, as given below:

3.2.4. Fuzzy Comprehensive Evaluation

Two fuzzy matrices, the weight fuzzy matrix W and the relational fuzzy matrix T, can be generated after single-item evaluation and weighting. The fuzzy comprehensive evaluation model is then shown as follows:

where Z is the fuzzy comprehensive assessment result, which can be expressed as follows:

where zi represents the degree to which the final comprehensive assessment result belongs to the ith risk level. In this way, a final result in the form of a fuzzy assessment will be obtained. Of course, this result can also be quantized to obtain the final numerical result. Its definition is shown as follows:

The detailed steps of the method are shown in Table 2.

4. Application Example Analysis

4.1. Example Calculation

First, we introduce the application of the risk assessment method based on the fuzzy mathematical evaluation in the model in real life through an example. Assume that in the model, for the same network system, we perform a risk assessment on the set A = {assets (confidentiality, integrity, availability), vulnerabilities, threats} where the measured risk values for each factor are ((2.1,3.4,3.4),2.0,3.0).

4.1.1. Calculate the Value at Risk of the Asset Factor

Since the asset includes three factors, confidentiality, integrity, and availability, its risk value is determined by these three factors together. Take the confidentiality factor as an example, whose measured value is 2.1. According to the principle of [a − 0.625, a + 0.625], the corresponding membership function interval is [1.475, 2.725]. The membership of this factor in each risk level of R is then calculated separately: its overlap with the interval [0, 1] is 0, so its membership degree is 0. Its overlap with the interval (1, 2] is 2 − 1.475 = 0.525, so its membership degree is 0.525 × 0.8 = 0.42. Its overlap with (2, 3] is 2.725 − 2 = 0.725, so its membership degree is 0.725 × 0.8 = 0.58. Its overlap with the (3, 4] and (4, 5] intervals is 0, so its membership degree there is also 0. Similarly, the membership degrees of the integrity and availability factors in each risk level can be obtained. The details are shown in Table 3.

According to the statistical results in Table 3, the relationship fuzzy matrix of the assets can be obtained, as shown below:

Further, assuming that the weight fuzzy matrix is W =(0.4 0.3 0.3), then according to formula (3), we can obtain the following formula:

Finally, the probability that the assessment results belong to each risk level was obtained as shown in Table 4.

The results in Table 4 were further quantified to obtain the final asset risk value of 3.336 according to formula (5).
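The membership, composition, normalization and quantification steps of Sections 3.2.1 to 3.2.4, applied to the asset factors of the example above, as an added Python illustration that is not part of the paper. It assumes that Table 1 scores the five levels of R as 1 to 5, that formula (3) is an ordinary weighted sum W·T (with which the asset value comes out at exactly the 3.336 reported above), and that formula (5) is the score-weighted sum of the normalized Z; the second-stage weights of Section 4.1.2 are not printed in the paper and must be supplied by the caller.

```python
"""Fuzzy comprehensive risk assessment (Section 3.2) applied to the asset
factors of Section 4.1.1. Added illustration, not the paper's own code.

Assumptions that the paper leaves implicit, labelled here:
  * Table 1 scores the levels very low .. very high as 1 .. 5.
  * Formula (3) is the ordinary weighted sum Z = W * T; with this reading the
    asset result is exactly the 3.336 reported in Section 4.1.1.
  * Formula (5) is the score-weighted sum of the normalised Z vector.
"""
from typing import List, Sequence

HALF_WIDTH = 0.625        # measured value a is spread over [a - 0.625, a + 0.625]
WIDTH = 2 * HALF_WIDTH    # 1.25, so membership = overlap / 1.25 = overlap * 0.8
LEVEL_BOUNDS = [(0.0, 1.0), (1.0, 2.0), (2.0, 3.0), (3.0, 4.0), (4.0, 5.0)]
LEVEL_NAMES = ["very low", "low", "medium", "high", "very high"]
LEVEL_SCORES = [1, 2, 3, 4, 5]   # assumed quantification of Table 1


def membership(a: float) -> List[float]:
    """Membership of measured value a in each of the five risk levels of R.

    The membership in a level is the fraction of [a - 0.625, a + 0.625] that
    overlaps the level's interval. The part of the window lying outside [0, 5]
    overlaps nothing, so values near the ends of the scale give a row that sums
    to less than 1; fuzzy_evaluate() normalises this away.
    """
    lo, hi = a - HALF_WIDTH, a + HALF_WIDTH
    return [max(0.0, min(hi, right) - max(lo, left)) / WIDTH
            for left, right in LEVEL_BOUNDS]


def relation_matrix(values: Sequence[float]) -> List[List[float]]:
    """Relational fuzzy matrix T (Section 3.2.2): one membership row per factor."""
    return [membership(v) for v in values]


def fuzzy_evaluate(weights: Sequence[float], values: Sequence[float]) -> List[float]:
    """Formulas (3) and (4): Z = W * T, normalised so that sum(Z) == 1."""
    if len(weights) != len(values):
        raise ValueError("one weight is required per assessment factor")
    t = relation_matrix(values)
    z = [sum(w * row[j] for w, row in zip(weights, t)) for j in range(len(LEVEL_BOUNDS))]
    total = sum(z)
    if total == 0.0:
        raise ValueError("all memberships are zero; measured values must lie in [0, 5]")
    return [zj / total for zj in z]


def quantify(z: Sequence[float]) -> float:
    """Formula (5) under the assumption above: expected level score of Z."""
    return sum(zj * score for zj, score in zip(z, LEVEL_SCORES))


def risk_level(score: float) -> str:
    """Map a quantified result back to the level whose interval contains it."""
    if not 0.0 <= score <= 5.0:
        raise ValueError("score outside the 0..5 scale")
    for (_, right), name in zip(LEVEL_BOUNDS, LEVEL_NAMES):
        if score <= right:       # intervals are [0,1], (1,2], ..., (4,5]
            return name
    return LEVEL_NAMES[-1]


def asset_risk(confidentiality: float, integrity: float, availability: float,
               weights: Sequence[float] = (0.4, 0.3, 0.3)) -> float:
    """Section 4.1.1: the asset value is a fuzzy evaluation of the CIA factors."""
    return quantify(fuzzy_evaluate(weights, (confidentiality, integrity, availability)))


def comprehensive_risk(cia: Sequence[float], vulnerability: float, threat: float,
                       weights: Sequence[float]) -> float:
    """Section 4.1.2: fold the asset result into A and evaluate again.

    The paper does not print the second-stage weights, so they must be supplied.
    """
    return quantify(fuzzy_evaluate(weights, (asset_risk(*cia), vulnerability, threat)))


if __name__ == "__main__":
    # Measured values from the paper's example: ((2.1, 3.4, 3.4), 2.0, 3.0)
    print("T(asset) =", relation_matrix((2.1, 3.4, 3.4)))
    value = asset_risk(2.1, 3.4, 3.4)
    print(f"asset risk = {value:.3f} ({risk_level(value)})")   # 3.336 (high)
    # Second stage with constructed, assumed equal weights
    total = comprehensive_risk((2.1, 3.4, 3.4), 2.0, 3.0, weights=(1 / 3, 1 / 3, 1 / 3))
    print(f"comprehensive risk = {total:.4f} ({risk_level(total)})")
```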

4.1.2. Determine the Risk Value of a Comprehensive Assessment

With the above calculation, we can obtain a value at risk for the asset of 3.336, and the risk assessment combination can be translated into A =(3.336, 2.0, 3.0). Based on this, we proceed below to determine the value at risk for the comprehensive assessment.

First, according to the principle of [a − 0.625, a + 0.625], the corresponding membership function intervals are established from the values of the three risk assessment factors of assets, threats, and vulnerabilities. Then, according to formulas (2), (3), and (4), the relational fuzzy matrix, the weight fuzzy matrix, and the final evaluation result are obtained in turn. The detailed results are shown in Tables 5 and 6, respectively.

Combined with the results in Table 6, the final risk assessment result was calculated according to formula (5) as 3.7925, which shows that the risk assessment value corresponds to a high-risk level.

4.2. Validity Analysis

Considering the impact of security measures on risk assessment, the paper adds the “uncontrollability” indicator to the existing risk evaluation index system and represents it through the existing weight fuzzy matrix. Assume that the first two indicators in the weight fuzzy matrix W have the same weight coefficients. The impact of the “uncontrollability” indicator on risk assessment is then verified in the following six cases to improve the completeness of the risk assessment system: W1 = (0.6, 0.6, 0), W2 = (0.5, 0.5, 0.1), W3 = (0.4, 0.4, 0.2), W4 = (0.3, 0.3, 0.3), W5 = (0.2, 0.2, 0.4), and W6 = (0.1, 0.1, 0.5). Referring to the example in Section 4.1, the risk degree is quantified in each of these situations. The calculation results are shown in Figure 7.

As can be seen from Figure 7, when the “uncontrollability” indicator is not added, i.e., Case 1, the value of the risk degree is the largest. When the “uncontrollability” indicator is added, the value of the risk degree generally tends to decrease. This means that as the weight of the “uncontrollability” indicator becomes larger, the value of the risk degree becomes smaller. This is due to taking into account the inhibitory effect of safety measures on the formation of risks. This also proves the effectiveness of the multidimensional dynamic management model of information security risk constructed in this study in practical applications.

5. Conclusion

Big data are subverting people’s life notions and behaviors in a unique way in the current era of fragmented data. In this environment, the exchange of information and data has become increasingly popular, bringing considerable convenience to both businesses and people’s daily lives. However, information security issues brought on by big data, such as theft and trafficking of personal privacy information and network fraud, cannot be overlooked. As a result, improving big data information security management is a crucial step in ensuring national security, promoting steady societal development, and protecting people’s interests. With the continuous promotion of national informatization, information security risk management of big data has become a frontier topic in information security research, attracting the attention of government and businesses. In this regard, to cope with rapidly changing network risks, this study optimizes the construction of the risk management model and the risk assessment method on the basis of existing risk management models. First, taking the multidimensionality of risk assessment as the starting point, an information security risk management model is constructed to realize multidimensional dynamic management of risks by refining the time series and spatial changes of network risks. Second, a mixed qualitative and quantitative risk assessment method is proposed for the model’s risk posture assessment layer. Finally, an example is used to demonstrate the calculation process of the improved risk assessment method, as well as the usefulness of the proposed risk management model in real applications. Although this study has made progress, there are still aspects that can be improved given the many challenges in this field. First, the risk assessment model described in this research utilizes a fuzzy comprehensive evaluation approach, which is easily influenced by subjective elements, and so the evaluation results can be affected by them. Second, during the evaluation process, the method does not completely cover the evaluation indicators that affect the network risk posture, which easily leads to a lack of information in the indicator system. As a result, the risk assessment method in the model will be improved in the future to enhance the completeness of the evaluation index system, reduce the interference of human subjective factors on the evaluation results, and provide a data basis for big data information security risk management.

Data Availability

The labeled dataset used to support the findings of this study is available from the corresponding author upon request.

Conflicts of Interest

The authors declare no conflicts of interest.

Acknowledgments

This study was sponsored by Chongqing City Vocational College.