Risk and Reliability Formulas for Systems Security Under Dempster-Shafer Theory of Belief Functions
Author
Abstract
This paper develops comprehensive formulas for assessing the risk and reliability of “Systems Security” under Dempster-Shafer theory of belief functions using the Trust Services framework as proposed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). In addition, we discuss how these formulas can be used for planning and evaluation of “Systems Security” risk under the SysTrust services. The analytical formulas are derived for a tree-structured evidential diagram which is constructed by converting the exact network-structured evidential diagram. The use of an analytical formula eliminates the computational complexities of propagating beliefs in a network and allows the assurance provider to use a simple spreadsheet to combine evidence. We provide theoretical justification and perform sensitivity analyses to show that the analytical formula based on a tree-type evidential diagram is a good approximation of the exact network model under realistic situations. However, as shown theoretically and also through the sensitivity analysis, the analytical formula provides significantly different results when input beliefs are significantly negative. It should be noted that the analytical formula based on the tree model provides a more conservative assessment of information systems risk than the exact network model.
Similar resources
An Information Systems Security Risk Assessment Model under Dempster-Shafer Theory of Belief Functions
This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related counter measures an...
A logic-based analysis of Dempster-Shafer theory
Dempster-Shafer (DS) theory is formulated in terms of propositional logic, using the implicit notion of provability underlying DS theory. Dempster-Shafer theory can be modeled in terms of propositional logic by the tuple (Σ, p), where Σ is a set of propositional clauses and p is an assignment of mass to each clause Σ_i ∈ Σ. It is shown that the disjunction of minimal support clauses for a clause...
belief function and the transferable belief model
Beliefs are the result of uncertainty. Sometimes uncertainty is because of a random process and sometimes the result of lack of information. In the past, the only solution in situations of uncertainty has been probability theory. But in the past few decades, various theories of other variables and systems have been put forward for systems with no adequate and accurate information. One of these a...
An Information Systems Security Risk Assessment Model Under the Dempster-Shafer Theory of Belief Functions
This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related countermeasures, an...