Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory

Abstract Cybersecurity, which is defined as information security aimed at averting cyberattacks, which are among the main issues caused by the extensive use of networks in industrial control systems. This paper proposes a model that integrates fault tree analysis, decision theory and fuzzy theory to (i) ascertain the current causes of cyberattack prevention failures and (ii) determine the vulnerability of a given cybersecurity system. The model was applied to evaluate the cybersecurity risks involved in attacking a website, e-commerce and enterprise resource planning (ERP), and to assess the possible consequences of such attacks; we evaluate these consequences, which include data dissemination, data modification, data loss or destruction and service interruption, in terms of criteria related to financial losses and time for restoration. The results of the model application demonstrate its usefulness and illustrate the increased vulnerability of e-commerce to cybersecurity attacks, relative to websites or ERP, due partly to frequent operator access, credit transactions and users’ authentication problems characteristic of e-commerce.

• Publication year

  2018

• Venue

  International Journal of Information Management

• Publication date

  2018-12-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1016/J.IJINFOMGT.2018.08.008
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• On the Relationship between Safety and Decision Significance

  2018cited by this paper
• A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie - combining new version of attack tree with bowtie analysis

  2018cited by this paper
• Privacy-preserving multi-channel communication in Edge-of-Things

  2018cited by this paper
• Spoofing-Jamming Attack Strategy Using Optimal Power Distributions in Wireless Smart Grid Networks

  2017cited by this paper
• Multidimensional risk evaluation of natural gas pipelines based on a multicriteria decision model using visualization tools and statistical tests for global sensitivity analysis

  2017cited by this paper
• SA-EAST

  2017cited by this paper
• Cloud-based business services innovation: A risk management model

  2017cited by this paper
• Information security management needs more holistic approach: A literature review

  2016cited by this paper
• Continuance use intention of cloud computing: Innovativeness and creativity perspectives ☆

  2016cited by this paper
• De-Identification of Unstructured Textual Data using Artificial Immune System for Privacy Preserving

  2016cited by this paper
• A Grey Theory Based Approach to Big Data Risk Management Using FMEA

  2016cited by this paper
• Information security risk analysis model using fuzzy decision theory

  2016cited by this paper
• Effect of network infrastructure factors on information system risk judgments

  2015cited by this paper
• Detecting fake anti-virus software distribution webpages

  2015cited by this paper
• Development of a cyber security risk model using Bayesian networks

  2015cited by this paper
• Multicriteria and multiobjective models for risk, reliability and maintenance decision analysis

  2015cited by this paper
• Effects of cyber security knowledge on attack detection

  2015cited by this paper
• Using a Prediction Model to Manage Cyber Security Threats

  2015cited by this paper
• A fuzzy-based reliability approach to evaluate basic events of fault tree analysis for nuclear power plant probabilistic safety assessment

  2014cited by this paper
• DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking

  2014cited by this paper
• Security adoption and influence of cyber-insurance markets in heterogeneous networks

  2014cited by this paper
• Mitigating the Risk of Cyber Attack on Smart Grid Systems

  2014cited by this paper
• Fault tree analysis: A survey of the state-of-the-art in modeling, analysis and tools

  2014cited by this paper
• Software measure in cyber-attacks on production control system

  2014cited by this paper
• Graphical fault tree analysis for fatal falls in the construction industry.

  2014cited by this paper
• A multidimensional approach to information security risk management using FMEA and fuzzy theory

  2014cited by this paper
• Taxonomy of intrusion risk assessment and response system

  2014cited by this paper
• From information security to cyber security

  2013cited by this paper
• A systematic approach for detecting and clustering distributed cyber scanning

  2013cited by this paper
• Application of fault tree analysis for customer reliability assessment of a distribution power system

  2013cited by this paper
• Application of fault tree analysis to assess inventory risk: a practical case from aerospace manufacturing

  2013cited by this paper
• Fuzzy fault tree analysis: a review of concept and application

  2013cited by this paper
• Decision-making in fuzzy environment

  2012cited by this paper
• Managing the investment in information security technology by use of a quantitative modeling

  2012cited by this paper
• A critical review of cloud computing: researching desires and realities

  2012cited by this paper
• Vulnerability Management for an Enterprise Resource Planning System

  2012cited by this paper
• A hybrid information security risk assessment procedure considering interdependences between controls

  2012cited by this paper
• Modeling security in cyber-physical systems

  2012cited by this paper
• Dynamic risk-based decision methods for access control systems

  2012cited by this paper
• Cyber-attacks on ERP systems

  2012cited by this paper
• Mistaken identity, identity theft and problems of remote authentication in e-commerce

  2012cited by this paper
• Improving information security management: An analysis of ID-password usage and a new login vulnerability measure

  2012cited by this paper
• Enforcing privacy in e-commerce by balancing anonymity and trust

  2011cited by this paper
• Designing a Secure Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems

  2011cited by this paper
• Risk analysis and assessment methodologies in the work sites: On a review, classification and comparative study of the scientific literature of the period 2000–2009

  2011cited by this paper
• Firms' information security investment decisions: Stock market evidence of investors' behavior

  2011cited by this paper
• Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions

  2010cited by this paper
• A Novel Digital Envelope Approach for A Secure E-Commerce Channel

  2010cited by this paper
• Developing expertise for network intrusion detection

  2009cited by this paper
• Informational privacy, consent and the "control" of personal data

  2009cited by this paper
• Measuring IDS-estimated attack impacts for rational incident response: A decision theoretic approach

  2009cited by this paper
• Understanding the physical and economic consequences of attacks on control systems

  2009cited by this paper
• Combining task analysis and fault tree analysis for accident and incident analysis: a case study from Bulgaria.

  2009cited by this paper
• Methodology for computer aided fuzzy fault tree analysis

  2009cited by this paper
• On the performance of social network and likelihood-based expert weighting schemes

  2008cited by this paper
• Multicriteria analysis in decision making under information uncertainty

  2008cited by this paper
• Standard Approach for Quantification of the ICT Security Investment for Cybercrime Prevention

  2008cited by this paper
• Customer Knowledge Management and E-commerce: The role of customer perceived risk

  2008cited by this paper
• Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements

  2008cited by this paper
• Immuno-inspired autonomic system for cyber defense

  2007cited by this paper
• Cyber security risk assessment for SCADA and DCS networks.

  2007cited by this paper
• Estimation of failure probability of oil and gas transmission pipelines by fuzzy fault tree analysis

  2005cited by this paper
• Semi-quantitative fault tree analysis for process plant safety using frequency and probability ranges

  2004cited by this paper
• Risky business.

  2003cited by this paper
• Technical papers: Software evaluation: Security attribute evaluation method: a cost-benefit approach

  2002cited by this paper
• Analytical propagation of uncertainties through fault trees

  2002cited by this paper
• Quality Attributes of Web Software Applications

  2002cited by this paper
• Special Features: A Framework for the Implementation of Socio-ethical Controls in Information Security

  2001cited by this paper
• Fuzzy sets

  1996cited by this paper
• Ontologies: principles, methods and applications

  1996cited by this paper
• Nuclear power plant digital instrumentation and control modifications

  1992cited by this paper
• Decisions with Multiple Objectives: Preferences and Value Trade-Offs

  1977cited by this paper
• The concept of a linguistic variable and its application to approximate reasoning - I

  1975cited by this paper
• The concept of a linguistic variable and its application to approximate reasoning-III

  1975cited by this paper
• Methods and applications

  1953cited by this paper
• International Journal of Information Management

  year unknowncited by this paper

• The creation of a methodology for intelligent assessing and managing the security state of complex systems

  2026cites this paper
• Development of a scientific and methodological apparatus for ensuring the functional reliability of special-purpose information systems

  2026cites this paper
• A Semantic Threat Model to Evaluate Security Threats in Cyber-Physical Systems

  2025cites this paper
• Teaching log data analysis in Indian cybersecurity classrooms: a mixed-methods study of pedagogical challenges and learner difficulties

  2025cites this paper
• Development of a polymodel resource management complex for intelligent decision support systems

  2025cites this paper
• Evaluation of Infrastructure and Cybersecurity in Supporting the Digital Transformation of Public Services in Tangerang City

  2025cites this paper
• Evolution of Cyber Threats: The Critical Role of Antivirus in Overcoming Current Digital Security Challenges through Protection Motivation Theory (PMT) and UTAUT

  2025cites this paper
• Development of a polymodel complex of information systems resource management

  2025influential citation
• Construction of adaptive inventory management models for a trading enterprise under unstable conditions

  2025cites this paper
• Evaluation of Sustainable Performance of Industry 4.0 Technologies Using a Novel Fuzzy OPLO‐POCOD Method

  2025cites this paper
• Cybersecurity maturity model: Systematic literature review and a proposed model

  2025cites this paper
• The SPADA methodology for threat modelling

  2025cites this paper
• Development of a method for evaluating complex organizational and technical systems using neuro-fuzzy expert systems

  2025influential citation
• Risk prediction and control of strategic operation of e-commerce enterprises based on economic management science

  2024cites this paper
• Bankacılık Sektöründe Bulanık HTEA Yöntemi Kullanılarak Bilgi Güvenliğinde Risk Analizi

  2024cites this paper
• A LITERATURE SURVEY ON CLOUD COMPUTING SECURITY

  2024cites this paper
• Fuzzy cognitive mapping as a scenario approach for information security risk analysis (short paper)

  2024cites this paper
• Cyber resilience in organisations and supply chains: from perceptions to actions

  2024cites this paper
• Not Sure Your Car Withstands Cyberwarfare

  2024cites this paper
• Decoding dependencies among the risk factors influencing maritime cybersecurity: Lessons learned from historical incidents in the past two decades

  2024cites this paper
• SYNAPSE - An Integrated Cyber Security Risk & Resilience Management Platform, With Holistic Situational Awareness, Incident Response & Preparedness Capabilities: SYNAPSE

  2024cites this paper
• Human Reliability Assessment (HRA) of Fire and Explosion Cases at Fuel Filling Stations (SPBU)

  2024cites this paper
• Risk Assessment for Complex Systems Based on Fuzzy Cognitive Maps: A Case of the Biopharmaceutical Industry

  2024cites this paper
• Extended ELECTRE method for multi-criteria group decision-making with spherical cubic fuzzy sets

  2024cites this paper
• Information System Approaches in Cybersecurity

  2024cites this paper
• Bridging the Nexus Between Cloud ERP and Enterprise Resilience

  2024cites this paper
• Safety and Cybersecurity Assessment Techniques for Critical Industries: A Mapping Study

  2023cites this paper
• Tackling Cyberattacks Through AI-Based Reactive Systems: A Holistic Review and Future Vision

  2023cites this paper
• Information Security Applications in Smart Cities: A Bibliometric Analysis of Emerging Research

  2023cites this paper
• Correlating Decision Theory with Cyber Threat Intelligence: Novel Perspectives

  2023cites this paper
• Lost in the middle - a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

  2023cites this paper
• Analyzing pharmaceutical industry risks under uncertainty for performance improvement: an Indian scenario

  2023cites this paper
• Quantitative Evaluation Method for Industrial Control System Vulnerability Based on Improved Expert Elicitation and Fuzzy Set Method

  2023cites this paper
• Financial Technology (Fintech) and Cybersecurity: A Systematic Literature Review.

  2023cites this paper
• Protecting Online Transactions: A Cybersecurity Solution Model

  2023cites this paper
• A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones

  2023influential citation
• Credit Risk Simulation of Enterprise Financial Management Based on Machine Learning Algorithm

  2022cites this paper
• Influencing factors of agricultural machinery accidents based on fuzzy fault tree analysis

  2022cites this paper
• Early determination and evaluation of technogenic risks within the water purification systems of TSs and TPSs

  2022cites this paper
• Examining the Relationship between National Cybersecurity Commitment, Culture, and Digital Payment Usage: An Institutional Trust Theory Perspective

  2022cites this paper
• LCCI: A framework for least cybersecurity controls to be implemented for small and medium enterprises (SMEs)

  2022cites this paper
• Information Security Risk Assessment Using Situational Awareness Frameworks and Application Tools

  2022cites this paper
• Pengukuran Risiko menggunakan Rangkaian Bayesan: Aplikasi kepada Data Perlanggaran Kapal di Malaysia

  2022cites this paper
• Relationship Structure Analysis on Determinants of Enterprise Information Security Investment Decision Based on ISM

  2022cites this paper
• Information Security Risk Assessment (ISRA): A Systematic Literature Review

  2022influential citation
• Assessing web security risks using dynamic Bayesian network

  2022cites this paper
• A framework for evaluating security risk in system design

  2022cites this paper
• Full title: A novel approach for determining the reliability of sprinkler systems: A case study

  2022cites this paper
• E-Finance Transformation: A Study of M-Wallet Adoption in Indonesia

  2022cites this paper
• Fuzzy Evaluation of Physical Education Teaching Quality in Colleges Based on Analytic Hierarchy Process

  2021cites this paper
• Assessing Security Risks Method in E-Commerce System for IT Portfolio Management

  2021cites this paper
• Network Modelling of Resource Consumption Intensities in Human Capital Management in Digital Business Enterprises by the Critical Path Method

  2021cites this paper
• A Risk Assessment Framework Proposal Based on Bow-Tie Analysis for Medical Image Diagnosis Sharing within Telemedicine

  2021cites this paper
• IMMAESA: A Novel Evaluation Method of IDPSs' Reactions to Cyber-Attacks on ICSs Using Multi-Objectives Heuristic Algorithms

  2021cites this paper
• Exploring Factors Influencing Technology Adoption Rate at the Macro Level: A Predictive Model

  2021cites this paper
• Cybersecurity Risk in FinTech

  2021cites this paper
• RETRACTED ARTICLE: Deep Logistic Learning Framework for E-Commerce and Supply Chain Management Platform

  2021cites this paper
• An Integrated Cybersecurity Risk Management (I-CSRM) framework for critical infrastructure protection

  2021cites this paper
• Asset criticality and risk prediction for an effective cybersecurity risk management of cyber-physical system

  2021cites this paper
• A Hybrid Asset-Based IT Risk Management Framework

  2021cites this paper
• Fuzzy Cognitive Scenario Mapping for Causes of Cybersecurity in Telehealth Services

  2021cites this paper
• Review on the Safe Use of Ammonia Fuel Cells in the Maritime Industry

  2021cites this paper
• Safety and Reliability Analysis of an Ammonia-Powered Fuel-Cell System

  2021cites this paper
• Application of risk-based fuzzy decision support systems in new product development: An R-VIKOR approach

  2021cites this paper
• Some Issues of Assessing the Risk Potential of Technological Process at Nuclear Power Plants

  2021cites this paper
• Consumer-to-consumer reselling adoption among European countries: differences between old and young millennials

  2021cites this paper
• Identifying Cloud Computing Risks based on Firm’s Ambidexterity Performance using Fuzzy VIKOR Technique

  2021cites this paper
• A Systematic Literature Review on RAMS analysis for critical infrastructures protection

  2021cites this paper
• Using Fuzzy Cognitive Map Approach for Assessing Cybersecurity for Telehealth Scenario

  2020cites this paper
• Safety Analysis Technique for System with Limited Data: Case Study of the Multipurpose Research Reactor in Indonesia

  2020cites this paper
• Machine Learning Techniques for Satellite Fault Diagnosis

  2020cites this paper
• Analysing the effects of FinTech variables on cybersecurity: Evidence form Iraqi Banks

  2020cites this paper
• Development of a method for assessing cybernetic security in special-purpose information systems

  2020cites this paper
• Qualitative and Quantitative Characteristics Analysis for Information Security Risk Assessment in E-Commerce Systems

  2020cites this paper
• A hierarchical colored Petri net–based cyberattacks response strategy making approach for critical infrastructures

  2020cites this paper
• Cyber-Attacks Risk Analysis Method for Different Levels of Automation of Mining Processes in Mines Based on Fuzzy Theory Use

  2020cites this paper
• Assessing the Risk Potential: Selecting Predictive Models

  2020cites this paper
• Using multi-criteria decision making for selecting picking strategies

  2020cites this paper
• An Evaluation Model for the Cultivation and Improvement of the Innovation Ability of College Students

  2020cites this paper
• Assessing Risk Potential of Critical Infrastructure of NPP: Fractal Analysis and Multiple-Scale Wavelet Transform

  2020cites this paper
• Medical Device Safety Management Using Cybersecurity Risk Analysis

  2020cites this paper
• Development of the Mechanism of Assessing Cyber Risks in the Internet of Things Projects

  2019cites this paper
• Cybersecurity Threats, Vulnerability and Analysis in Safety Critical Industrial Control System (ICS)

  2019cites this paper
• Cyber Insurance as a Way of Cyber Risks Management

  2019cites this paper
• Consumer Adoption of Self-Service Technologies in the Context of the Jordanian Banking Industry: Examining the Moderating Role of Channel Types

  2019cites this paper
• Assessing the Impact of Cybersecurity Attacks on Power Systems

  2019cites this paper
• Business continuity-inspired fuzzy risk assessment framework for hospital information systems

  2019cites this paper
• Fault Tree Analysis and its Modifications as Tools for Reliability and Risk Analysis of Engineering Systems – An Overview

  year unknowncites this paper
• The African Journal of Information Systems The African

  year unknowncites this paper