Fuzzy based threat analysis in total hospital information system

Abstract

Several studies have proposed the concept of "fuzzy logic technique" to assess risk in information security field. These studies revealed that in risk analysis process, evaluators face difficulties in collecting accurate data and adequate knowledge to estimate the probability of threats and its consequences. The estimated value contributes to data fuzziness. As a result, with the estimated value, they must make threat assessment judgment under conditions of uncertainty. Moreover, based on the literature review, there is lacks of fuzzy based threat analysis model in Healthcare Information Systems (HIS). Hence, this project attempts to develop fuzzy based threat analysis model in which; linguistic variable, fuzzy number and fuzzy weighted average are applied to deal with the uncertainty problem in doing evaluation of potential threats in Total Hospital Information Systems (THIS) environment. In fuzzification process, Triangular Average Number technique using two sets of membership functions was applied to evaluate "likelihood" and "consequence" of THIS threat variables upon a particular THIS asset. Then, each security threat level was aggregated using Efficient Fuzzy Weighted Average (EFWA) algorithm. Finally, Best Fit Technique is used in defuzzification process to translate a single fuzzy value to linguistic terms that indicates the overall security threat level impact on THIS asset. To confirm the effectiveness of this adopted model, prototype is developed and verified using scenario method. Finding shown that this model, is capable to perform threat analysis with incomplete information and uncertain in THIS environment.