Fuzzy based modeling for an effective IT security policy management

Abstract

This paper presents a fuzzy based modeling approach for determining the effectiveness of IT security policies of an organization. Normally organizations have different IT security policies, but modeling and maintaining them is a tedious process. In order to ensure appropriate IT support policies, there are many factors involved. The most common are the periodic data backups and prevention against the virus attack. Therefore, it is essential to ensure that the IT security policies are assessed for all the possible vulnerabilities and hidden threats. Thus fuzzy based modeling has been proposed to identify the effectiveness of the IT security policies for any organization. Mamdani's Fuzzy inference engine has been applied to construct the fuzzy rules based on the different primary and secondary factors. Finally the results from the analysis of the factors are processed by the fuzzy inference engine, to decide the rule strengths and its effectiveness of the overall IT security policies.