Network security risk assessment based on fuzzy logic approach / Nurulhidayah Abdul Latif

The purposes of the study were to design a model of network security risk assessment and to assess the result from the risk assessment conducted. The threats created were dealing with the computer network which is spreading widely that might cause risk impact to the organization. Due to this condition, the security mechanism of an institution needs to determine that all the assets and information are preserving safely. Therefore, this research is focusing on risk assessment to analyze the generic threats in the education institution towards network security appliance which is called firewall. The generic threats list was chosen based on MyRAM (2005) guideline from Malaysian Administrative Modernization and Management Planning Unit (MAMPU). The qualitative method that leads to the understanding and holistic description of a phenomenon was applied in this study. This method generates rich, detail data from a multiple perspectives. The instruments used to collect data were close-ended questionnaire and interview. Questionnaire as the main source of information helped to obtain the evaluation of threats from the four experts in the network security area. In the interview session it was conducted face-to-face at the institution for a better understanding. Fuzzy Logic approach which contains Triangular Average Formula, Efficient Fuzzy Weighted Average (EFWA) and Euclidean Distance was selected as the approach in the present study. It was utilized in finding the 'Likelihood' and 'Consequence' of the threats. The result of this study revealed that firewall as the appliance was in the moderate level in which necessary measures should be taken by the particular institution to curb the threats. Risk assessment for the firewall will be conducted by using different approaches such as Bayesian, Dempster-Shafer Theory, Neural Network and Immunity Algorithm by utilizing more respondents in the future research.