Operational risk assessment: a fuzzy logic approach

• Autorzy: Hain, S. , Rommelfanger, H.
• Języki publikacji: EN

Abstrakty

EN

This paper presents an integrated approach to evaluating operational risk based on a hierarchical system of risk factors. Employing a fuzzy logic expert system both quantitative and qualitative data can be aggregated to the total operational risk. The procedure is explained by the subsystem IT security. For selected risk categories the expert rule maps and the fuzzy inference process are described in detail. A numerical example illustrates the course of the fuzzy expert system using the new developed software tool Visual Fuzzy.

Słowa kluczowe

EN

operational risk assessment; qualitative risk assessment; IT risk; fuzzy logic; expert system

• Czasopismo: Foundations of Computing and Decision Sciences
• Rocznik: 2009
• Tom: Vol. 34, No. 2
• Strony: 105-123
• Opis fizyczny: Bibliogr. 16 poz.

Twórcy

autor

Hain, S.

autor

Rommelfanger, H.

• Goethe-University Frankfurt am Main, Germany, Chair of Mathematical Economic,

Bibliografia

• [1] BSI, The IT-Grundschutz-Catalogues, Bonn, available at: http://www.bsi.bund.de /english/gshb/download/it-grundschutzkataloge_2005jdf_en.zip, 2005a.
• [2] BSI, BSI Standard 100-1: Information Security Management Systems (ISMS), Version 1.0, Bonn, available at: http://www.bsi.bund.de/english/publications /bsi_standards/standard_l001_e.pdf, 2005b.
• [3] BCBS, ‘International Convergence of Capital Measurement and Capital Standards’, Basel: Bank for International Settlements, available at: http://www.bis.org/publ /bcbsl07.pdf?noframes=l, last accessed on 12.07.2008, 2006.
• [4] COMMON CRITERIA, Common Methodology for Information Technology Security Evaluation: Evaluation Methodology, Version 3.1, Revision 2, available at: http://www.commoncriteriaportal.org/files/ccfiles/CEMV3.lR2.pdf, 2007.
• [5] Flach J., Rommelfanger H., Fuzzy-Logik-basiertes Bonitätsrating, in: Oehler, Andreas (Ed.): Kreditrisikomanagement - Kernbereiche, Aufsicht und Entwicklungstendenzen, Stuttgart: Schaeffer-Poeschel, 2002, 1-33.
• [6] Klempt P., Effiziente Reduktion von IT-Risiken im Rahmen des Risikomanagementprozesses, Bochum, 2007.
• [7] Klempt P., Werners B., Tool-basierte Evaluation und Steuerung der unternehmens-weiten Informationssicherheit, in: Meyer, Jörn- Axel (Hrsg.): Management-Instrumente in kleinen und mittleren Unternehmen, Jahrbuch der KMU-Forschung und - praxis 2009, Eul-Verlag, Lohmar-Köln 2009, 307-329.
• [8] May K., Intransity, Utility and the Aggregation of Preference Patterns, Econometrica, 22, 1954, 1-19.
• [9] Office of Government Commerce, Best practice for service support, London: Stationery Office, 2005.
• [10] Richardson R., 2008 CSI/FBI computer crime and security survey, Computer Security Institute, 2008.
• [11] Rommelfanger H., Fuzzy Logic-Based Processing of Expert Rules Used for Checking the Credit Solvency of Small Business Firms or for Supporting Analytic Procedures of Auditors. In: Ribeiro R.R. et al. (Eds.), Soft Computing in Financial Engineering. Physica-Verlag, Heidelberg, 1999, 371-244.
• [12] Rommelfanger H., Eickemeier S., Entscheidungstheorie - Klassische Konzepte und Fuzzy-Erweiterungen, Berlin et al.: Springer Verlag, 2002.
• [13] Sugeno M., Industrial Applications of Fuzzy Control, New York: Elsevier Science Inc., 1985.
• [14] Xu Z., Khoshgoftaar T., Allen E., Application of fuzzy expert systems in assessing operational risk of software, Information and Software Technology, 45, 2003, 373-388.
• [15] Tah J., Carr V., A proposal for construction project risk assessment using fuzzy logic, Construction Management and Economics (2000), 18, 1999, 491-500.
• [16] Werners B., Klempt P., Management von IT-Risiken. In: Vahrenkamp; Siepermann (Hrsg.): Risikomanagement in Supply Chains Berlin 2007, 287-300.