In an electronic business environment, it is critical for an enterprise to assess information systems security (ISS) risks. In this paper, we propose a hybrid approach for ISS risk assessment in e-business. Because ISS risk assessment in an e-business environment involves a great deal of uncertainty, the hybrid approach combines evidence theory with fuzzy sets to deal with the uncertain evidence found in the assessment. The proposed approach provides a new way to define the basic belief assignment in fuzzy measure. Moreover, the approach also provides a method of testing the evidential consistency, which can reduce the uncertainty derived from conflicts of evidence. Finally, the approach is demonstrated and validated via a case study, in which sensitivity analysis is employed to validate the reliability of the proposed approach.
Feng, Nan and Li, Minqiang, "A Hybrid Approach For Information Systems Security Risk Assessment In Electronic Business" (2010). ICEB 2010 Proceedings. 36.