模糊群體決策環境下之風險評估

Abstract

傳統的定量風險評鑑著重於危害事件機率估計，然而機率的計算須累積足夠的危害事件方可求得機率密度函數，除計算不易且當系統架構改變時，以前統計之資訊亦僅作參考。此外，定量風險評鑑是屬於事後分析，無法滿足快速反應的需求； 因此面對缺乏不確定(uncertain)及非完整(incomplete)的環境，本研究將利用多準則決策理論，考量實用且兼顧效益性，發展一套以軟運算(soft computing)為基礎的定性風險評鑑模式，內容包含三個新的方法以解決風險準則的權重、共識度量測與風險值彙總等問題，提供管理者確認資訊資產的風險所在並作出正確的控管決策，強化組織內的資安管理作為，提昇整體資訊安全。一般多準則決策問題可概略區分成兩階段：一、決定評估準則，二、意見彙總與替代方案之選擇。首先在決定評估準則過程中，如何決定準則的權重是一項重要的研究議題。然而以往相關研究大多是直接採用主觀權重或採用相對比較(pairwise comparison)評估值以計算權重，且限制評估資料須為數值，因此本研究改良Zeleny所提的謪值法(Entropy Method)，而提出一個可由語意量詞決定權重的方法－「語意謪值法(Linguistic Entropy Method, LEM)」以決定模糊準則之權重大小。在風險評鑑中，專家意見彙總程序常使用資料彙總方法是簡單加總法(Simple Weighting Additive Method，SWAM)。 簡單加總法無法判別風險評鑑之群體共識度(group consensus) 以了解專家共識是否達成；此外，簡單加總法亦無法透過群體共識度分析共識度動態變化的趨勢，因此本研究研析Kacprzyk 和 Fedrizzi所研提的柔性共識度量方法，提出模糊群體「柔性共識度量測法(Soft-consensus Risk Assessment Method, SRAM)」與「OWA風險值彙總法(OWA (Ordered Weighted Averaging) Aggregation Method, OAM)」，讓風險評鑑過程更為合理及有效。 最後，舉一網路資料中心(Internet Data Center, IDC)之資訊資產風險評鑑為例，本研究運用所研提的三種新的方法以探討上述風險評鑑問題；首先我們運用「語意謪值法」以求取風險屬性的權重，與傳統謪值法作比較，並分析兩個方法使用上的優缺點；此外，當各專家風險意見無法達成一致時，則進行群體多數的表決，此時可運用「柔性共識度量測法」分析群體共識度，求取專家意見彙總之多數解；最後以「OWA風險值彙總法」彙整所有專家意見，決定資訊資產之風險排序。本研究所研提之三個方法可客觀決定模糊準則間的權重，有效分析群體柔性共識度、決策過程中共識區間變化的趨勢及資訊資產之風險排序，可系統化探討風險評鑑過程，降低風險評估過程不確定性並提高評估結果之合理性。

The traditional methods of quantitative risk assessment determine the solution using the probability of event occurrences. They need to accumulate a number of threat events to derive the probability density function. As a result, they could arise an inconsistent situation when the system architecture changes. Furthermore, quantitative risk assessment is a posterior analysis of risk occurrence, which cannot meet the security management and the requirements for quick reaction to rapid growth of attack events. Thus, this research applies the fuzzy MCDM (multi criteria decision-making) theory to develop a qualitative risk assessment model including three new approaches based on soft-computing theory to solve weighting determination, consensus measure, and risk-ratings aggregation problems of risk assessment. It provides managers with a method to identify the risk of information systems to make correct decisions and to enforce the security of information systems with incomplete data in an uncertain environment. The solution process of MCDM can be generally divided into two phases: the first phase, determination of criteria; the second phase, opinions aggregation and alternatives ranking. First, how to determine the weights of risk attributes is an important issue for fuzzy MCDM problem. The existing methods apply subjective weight or pairwise comparison method to directly determine the weight of criteria, and confine the assessment data to be a numerical data. Thus, this research improves Zeleny’s entropy method and proposes a new subjective weight-determination method, called the Linguistic Entropy method (LEM) that enable decision-makers to rationally determine weights of criteria when their opinions are expressed with linguistic terms under uncertainty situation. In addition, traditionally the experts often applied the simple weighting additive method (SWAM) to aggregate their opinions.. SWAM cannot specify consensus measure of group for risk assessment which indicates whether experts reach a group consensus or not, but it also cannot reveal the variation tendency of consensus reaching process. Hence we present a new method for solving consensus measure in the risk assessment process, called Soft-consensus Risk Assessment Method (SRAM) to improve Kacprzyk and Fedrizzis’ soft consensus method and to analyze the variation trend of group consensus. Furthermore, in order to improve limitations of SWAM, a fuzzy synthetic evaluation method, called OWA Aggregation Method (OAM), is introduced to aggregate risk rates and prioritise the risk ranking of assets using the Ordered Weighted Averaging (OWA) operator. Finally, a risk assessment example for Internet Data Center (IDC) is applied to verify the proposed algorithm. Three algorithms, LEM, SRAM, and OAM are employed to solve the unsettled problems in the risk assessment process. The experimental results show that the decision-makers could utilize the LEM to obtain a more objective weighting solution of risk criteria than the traditional methods. Furthermore, the decision-makers may employ the SRAM to obtain a soft-consensus of group if expert’s opinion is diverse or distinct, and to make the decision based on the majority concept. Then, OAM method can decide the risk ranking of assets and risk level of information assets using fuzz-logic operator. The proposed approaches can objectively determine the weights of criteria and systemically analyze the process of risk assessment to decrease the complexity and uncertainty of the risk evaluation through the use of the above three algorithms. From the results obtained from the application of the proposed methods to the examples, the proposed method has demonstrated its usefulness and effectiveness.