Title: Fuzzy based security risk assessment of e-government data centre in Indian context

Authors: Saibal Sarkar; Suvrojit Das

Addresses: National Informatics Centre, West Bengal State Centre, Bidyut Bhavan, Saltlake, Kolkata, West Bengal 700091, India; Department of Computer Science and Engineering, National Institute of Technology, Mahatma Gandhi Avenue, Durgapur, West Bengal 713209, India

Abstract: E-government data centres (EDC) in India cannot be considered adequately safe and secure, as they have multiple sources of vulnerabilities that are exploited by numerous diverse threats, which creates a variety of risk postures. Published works on risk assessment are partial and mainly based on a five-point scale. Also, no work on the overall risk assessment of EDC has been found so far. We therefore introduce a fuzzy logic-based risk assessment system (FLRAS) to assess the aggregated risk of EDC, considering multi-sourced threats and vulnerabilities. The FLRAS is based on a set of audit-level metrics developed from a large set of real-world audit reports of a given EDC in India. In the first step, our system of computation is used to compute risk. We then show that once such overall risk is computed, it can be further reduced substantially by mitigating the gaps mentioned in the audit reports.

Keywords: e-government data centre; risk metric; fuzzy techniques; risk assessment.

DOI: 10.1504/EG.2022.123838

Electronic Government, an International Journal, 2022 Vol.18 No.3, pp.354-380

Received: 02 Dec 2020
Accepted: 07 Apr 2021

Published online: 04 Jul 2022
