Information Security Risk Analysis in Food Processing Industry Using a Fuzzy Inference System
Keywords:
food processing industry, information security, risk identification, risk analysis, fuzzy inference system, ISO 27005Abstract
Recently, different attempts have been made to characterize information security threats, particularly in the industrial sector. Yet, there have been a number of mysterious threats that could jeopardize the safety of food processing industry data, information, and resources. This research paper aims to increase the efficiency of information security risk analysis in food processing industrial information systems, and the participants in this study were experts in executive management, regular staff, technical and asset operators, third-party consultancy companies, and risk management professionals from the food processing sector in Sub-Saharan Africa. A questionnaire and interview with a variety of questions using qualitative and quantitative risk analysis approaches were used to gather the risk identifications, and the fuzzy inference system method was also applied to analyze the risk factor in this paper. The findings revealed that among information security concerns, electronic data in a data theft threat has a high-risk outcome of 75.67%, and human resource management (HRM) in a social engineering threat has a low-risk impact of 26.67%. Thus, the high-probability risk factors need quick action, and the risk components with a high probability call for rapid corrective action. Finally, the root causes of such threats should be identified and controlled before experiencing detrimental effects. It's also important to note that primary interests and worldwide policies must be taken into consideration while examining information security in food processing industrial information systems.
References
2. Whitman M.E., Mattord H.J. Principles of Information Security. Cengage Learning. 2018. 750 p.
3. Kriaa S., Bouissou M., Laarouchi Y. A Model Based Approach for SCADA Safety and Security Joint Modelling: S-Cube. 10th IET System Safety and Cyber-Security Conference. 2015. DOI: 10.1049/cp.2015.0293.
4. Shin J., You I., Seo J.T. Investment priority analysis of ICS information security resources in smart mobile IoT network environment using the analytic hierarchy process. Mobile Information Systems. 2020. vol. 2020. DOI: 10.1155/2020/8878088.
5. Shamala P., Ahmad R., Zolait A.H., Bin Sahib S. Collective information structure model for information security risk assessment (ISRA). Journal of Systems and Information Technology. 2015. vol. 17. no. 2. pp. 193–219. DOI: 10.1108/JSIT-02-2015-0013.
6. Abbass W., Baina A., Bellafkih M. Improvement of information system security risk management. 4th IEEE International Colloquium on Information Science and Technology (CiSt). 2016. pp. 182–187. DOI: 10.1109/CIST.2016.7805039.
7. Yang M. Information Security Risk Management Model for Big Data. Advances in Multimedia. 2022. vol. 2022. DOI: 10.1155/2022/3383251.
8. Information Security Risk Assessment Using Situational Awareness Frameworks and Application Tools. Risks. 2022.
9. Ebrat M., Ghodsi R. Construction project risk assessment by using adaptive-network-based fuzzy inference system: An empirical study. KSCE Journal of Civil Engineering. 2014. vol. 18. pp. 1213–1227. DOI: 10.1007/s12205-014-0139-5.
10. Stebbins-Wheelock E.J., Turgeon A. Guide to Risk Assessment and Response. The University of Vermont, 2018. 17 p.
11. Sobel P.J., Prawitt D.F., Dohrer R.D., Murdock D.C., Thomson J.C., Miller P.K. Compliance risk management: applying the COSO ERM framework. Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2020. 48 p.
12. Chandra N.A., Ramli K., Ratna A.A.P., Gunawan T.S. Information Security Risk Assessment Using Situational Awareness Frameworks and Application Tools. Risks. 2022. vol. 10(8). no. 165. DOI: 10.3390/risks10080165.
13. Crotty J., Daniel E. Cyber threat: its origins and consequence and the use of qualitative and quantitative methods in cyber risk assessment. Applied Computing and Informatics. 2022. DOI: 10.1108/ACI-07-2022-0178.
14. Carlsson E., Mattsson M. The MaRiQ model: A quantitative approach to risk management in cybersecurity. 2019. Uppsala: Uppsala Universitet, 2019. 97 p.
15. Fadyeyeva I., Gryniuk O. Fuzzy modelling in risk assessment of oil and gas production enterprises’ activity. Baltic Journal of Economic Studies. 2017. vol. 3. no. 4. pp. 256–264.
16. Papageorgiou E.I., Aggelopoulou K., Gemtos T.A., Nanos G.D. Development and Evaluation of a Fuzzy Inference System and a Neuro-Fuzzy Inference System for Grading Apple Quality. Applied Artificial Intelligence. 2018. vol. 32. no. 3. pp. 253–280. DOI: 10.1080/08839514.2018.1448072.
17. Blasi A.H. The use of Fuzzy Logic Control in Manufacturing Systems. 2020. 12 p.
18. Kotenko I., Saenko I., Ageev S. Countermeasure Security Risks Management in the Internet of Things Based on Fuzzy Logic Inference. IEEE TrustCom/BigDataSE/ISPA. 2015. pp. 654-659. DOI: 10.1109/Trustcom.2015.431.
19. Hadacek L., Sivakova L., Sousek R., Zeegers M. Assessment of security risks in railway transport using the fuzzy logical deduction method. Communications – Scientific Letters of the University of Zilina. 2020. vol. 22. no. 2. pp. 79–87. DOI: 10.26552/com.C.2020.2.79-87.
20. Kaka S., Hussin H., Khan R., Akbar A., Sarwar U., Ansari J. Fuzzy logic-based quantitative risk assessment model for hse in oil and gas industry. Universiti Teknologi PETRONAS, 2022. DOI: 10.17605/OSF.IO/WVG2H.
21. Zhao Y., Talha M. Evaluation of food safety problems based on the fuzzy comprehensive analysis method. Food Science and Technology. 2021. vol. 42. no. e47321. DOI: 10.1590/FST.47321.
Published
How to Cite
Section
Copyright (c) Amanuel Estifanos Asfha, Abhishek Vaish
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms: Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).