Decision Making Approaches for Security Vulnerability Management
Doctoral === National Taiwan University === Graduate Institute of Information Management === 102 === The aim of this study is to formulate an analysis model that can express security vulnerability grades and serve as a basis for the evaluation of information program danger levels or for filtering hazardous system vulnerabilities, and to improve it to counter v...
Main Authors: | Chien-Cheng Huang, 黃健誠 |
---|---|
Other Authors: | 林永松 |
Format: | Others |
Language: | en_US |
Published: | 2014 |
Online Access: | http://ndltd.ncl.edu.tw/handle/74661141854042517311 |
id |
ndltd-TW-102NTU05396009 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-102NTU05396009 2016-03-09T04:24:03Z http://ndltd.ncl.edu.tw/handle/74661141854042517311 Decision Making Approaches for Security Vulnerability Management 資訊安全弱點管理之決策方法 Chien-Cheng Huang 黃健誠 Doctoral National Taiwan University Graduate Institute of Information Management 102 林永松 2014 Degree thesis ; thesis 100 en_US |
collection |
NDLTD |
language |
en_US |
format |
Others |
sources |
NDLTD |
description |
Doctoral === National Taiwan University === Graduate Institute of Information Management === 102 === The aim of this study is to formulate an analysis model that can express security vulnerability grades and serve as a basis for the evaluation of information program danger levels or for filtering hazardous system vulnerabilities, and to improve it to counter various security threats. Using a fuzzy analytic hierarchy process, this paper organizes crossover factors of system blind spots, and builds an evaluation framework. First, via the fuzzy Delphi method, aspects and relative determinants affecting security are screened. It then identifies the value equation of each factor, and settles the fuzzy synthetic vulnerability decision-making model. This model can analyze the various degrees to which vulnerabilities affect system security, and this information will serve as a basis for future ameliorations of the system itself. This study also proposes an improvement from the traditional fuzzy synthetic decision-making model for measuring the fuzziness between the enhancement and independence of various aspects and criteria. Furthermore, taking human subjectivity into consideration, this paper constructs a fuzzy integral decision-making model. The case study demonstrates that the evaluation model in question is practical and can be applied to new vulnerabilities to measure their degree of penetration. In addition, the fuzzy integral decision-making model emphasizes the multiply-add effect between various factors influencing information security. On the other hand, based on the above results’ weight and security level, with limited defense resources, this research proposes defense resource allocation strategies for security vulnerability management in order to maximize security utility and improve defense capability. As the problem is a mathematical optimization problem of nonlinear programming, this study finds the near optimal defense resource allocations for analysis and discussion through the problem-solving process.
|
author2 |
林永松 |
author_facet |
林永松 Chien-Cheng Huang 黃健誠 |
author |
Chien-Cheng Huang 黃健誠 |
title |
Decision Making Approaches for Security Vulnerability Management |
publishDate |
2014 |
url |
http://ndltd.ncl.edu.tw/handle/74661141854042517311 |