Publications-Journal Articles

Article View/Open

Publication Export

Google ScholarTM

NCCU Library

Citation Infomation

Related Publications in TAIR

題名 模糊群體決策環境下以OWA運算子進行風險分析
其他題名 Fuzzy Group Decision Making Using an OWA Operator Applied to Risk Analysis for Information Security Management
作者 羅濟群;王平;趙國銘
Lo, Chi-Chun;Wang, Ping;Chao, K-M
關鍵詞 風險分析;柔性共識;OWA運算子;BS7799;ISO/IEC13355
BS7799;ISO/IEC13355;Risk assessment;Soft Consensus;OWA Operator
日期 2006-03
上傳時間 16-Aug-2016 15:41:05 (UTC+8)
摘要 傳統的定量風險分析方法著重於危害事件機率的計算,只能適用於歷史資料為可數量化,但風險分析面對網際網路的不斷變化的危害事件,通常無法蒐集充足的數量化資訊提供危害事件機率的估算。本研究採用定性風險分析方法,結合模糊偏好關係,模糊多數(fuzzy majority)理論與OWA運算子作風險值之彙總,以求得資訊資產的風險等級。分析時允許專家運用語意量詞(linguistic quantifier),研析風險項目的重要性及此風險項目發生時所造成損害程度(impact loss degree)的評估,取代傳統的方法對危害事件機率(probability)及損害金額(money loss)的估算。最後舉一網路資料中心(Internet Data Center,IDC)實例說明。本研究擴展Hererra,Chiclana及Kacprzyk等作者發展的群體決策理論至模糊環境的風險分析應用;經研究實證可知,面對不完整及模糊資料與多位專家參與風險決策時,所研提之方法可有效簡化風險分析過程的複雜性與大幅降低群體決策之共識達成所需時間。
The traditional techniques of quantitative risk analysis determine the solution by the probability distribution function of threats and its impact loss. Since risk assessment process often holds under uncertain situation with incomplete information due to rapid change of advent attack events especially in the Internet. It is hard to accumulate adequate events to precisely estimate the probability of threats and impact losses in some real cases. In this paper, a qualitative risk analysis method is employed to prioritize the risk level of assets through the use of fuzzy preference relation, fuzzy majority concept, and the ordered weighted averaging (OWA) operator. The peoposed mothod allows the experts to express their risk preferences in linguistic quantifiers and explicitly represents the importance (weighting) of risk factor and the corresponding impact loss degree instead of probability of advent events and money loss. Finally, a real case of risk assessment for the Internet Data Center (IDC) is given to illustrate our approach. The proposed method extends the traditional risk analysis using fuzzy multiple-person decision making (MPDM) theory, developed by Hererra, Chiclana, and Kacprzyk, to risk analysis in fuzzy environment. From numerical illustrations, the proposed model can effectively decrease the complexity of the risk analysis and reduce the time required to reach a group consensus when the committee includes the opinions of many decision makers.
關聯 資管評論, 14, 1-21
MIS review
資料類型 article
dc.creator (作者) 羅濟群;王平;趙國銘zh_TW
dc.creator (作者) Lo, Chi-Chun;Wang, Ping;Chao, K-M
dc.date (日期) 2006-03
dc.date.accessioned 16-Aug-2016 15:41:05 (UTC+8)-
dc.date.available 16-Aug-2016 15:41:05 (UTC+8)-
dc.date.issued (上傳時間) 16-Aug-2016 15:41:05 (UTC+8)-
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/100265-
dc.description.abstract (摘要) 傳統的定量風險分析方法著重於危害事件機率的計算,只能適用於歷史資料為可數量化,但風險分析面對網際網路的不斷變化的危害事件,通常無法蒐集充足的數量化資訊提供危害事件機率的估算。本研究採用定性風險分析方法,結合模糊偏好關係,模糊多數(fuzzy majority)理論與OWA運算子作風險值之彙總,以求得資訊資產的風險等級。分析時允許專家運用語意量詞(linguistic quantifier),研析風險項目的重要性及此風險項目發生時所造成損害程度(impact loss degree)的評估,取代傳統的方法對危害事件機率(probability)及損害金額(money loss)的估算。最後舉一網路資料中心(Internet Data Center,IDC)實例說明。本研究擴展Hererra,Chiclana及Kacprzyk等作者發展的群體決策理論至模糊環境的風險分析應用;經研究實證可知,面對不完整及模糊資料與多位專家參與風險決策時,所研提之方法可有效簡化風險分析過程的複雜性與大幅降低群體決策之共識達成所需時間。
dc.description.abstract (摘要) The traditional techniques of quantitative risk analysis determine the solution by the probability distribution function of threats and its impact loss. Since risk assessment process often holds under uncertain situation with incomplete information due to rapid change of advent attack events especially in the Internet. It is hard to accumulate adequate events to precisely estimate the probability of threats and impact losses in some real cases. In this paper, a qualitative risk analysis method is employed to prioritize the risk level of assets through the use of fuzzy preference relation, fuzzy majority concept, and the ordered weighted averaging (OWA) operator. The peoposed mothod allows the experts to express their risk preferences in linguistic quantifiers and explicitly represents the importance (weighting) of risk factor and the corresponding impact loss degree instead of probability of advent events and money loss. Finally, a real case of risk assessment for the Internet Data Center (IDC) is given to illustrate our approach. The proposed method extends the traditional risk analysis using fuzzy multiple-person decision making (MPDM) theory, developed by Hererra, Chiclana, and Kacprzyk, to risk analysis in fuzzy environment. From numerical illustrations, the proposed model can effectively decrease the complexity of the risk analysis and reduce the time required to reach a group consensus when the committee includes the opinions of many decision makers.
dc.format.extent 1393713 bytes-
dc.format.mimetype application/pdf-
dc.relation (關聯) 資管評論, 14, 1-21
dc.relation (關聯) MIS review
dc.subject (關鍵詞) 風險分析;柔性共識;OWA運算子;BS7799;ISO/IEC13355
dc.subject (關鍵詞) BS7799;ISO/IEC13355;Risk assessment;Soft Consensus;OWA Operator
dc.title (題名) 模糊群體決策環境下以OWA運算子進行風險分析zh_TW
dc.title.alternative (其他題名) Fuzzy Group Decision Making Using an OWA Operator Applied to Risk Analysis for Information Security Management
dc.type (資料類型) article