Abstract

Proper protection of information systems is a major quality issue in organizational risk management. Risk management is a process whereby risk factors are identified and then virtually eliminated. Failure modes and effects analysis (FMEA) is a risk management methodology for identifying a system’s failure modes together with their effects and causes. FMEA identifies potential weaknesses in the system, which allows companies to correct the areas identified through the process before the system fails. In this paper, we identify several critical failure factors that may jeopardize the security of information systems. In doing so, we systematically identify, analyze, and document the possible failure modes and the possible effects of each failure on the system. The proposed cybersecurity FMEA (C-FMEA) process results in a detailed description of how failures influence the system’s performance and how they can be avoided. The applicability of the proposed C-FMEA is illustrated with an example from a regional airport.

Highlights

  • As companies introduce new technologies such as big data, cloud, and Internet of Things (IoT) to their work environment, security issues become more important

  • Theoretical development/model: a proposed cybersecurity failure modes and effects analysis (C-FMEA) approach. While in this methodology the authors follow the general FMEA steps suggested by the American Society for Quality (ASQ) [31], the core of the discussion is the identification of failure modes and the taking of corrective actions based on the CIA triad

  • This paper offers a unique approach to managing the security of the information systems


Summary

Introduction

As companies introduce new technologies such as big data, cloud, and Internet of Things (IoT) to their work environment, security issues become more important. The digital transformation leads to an explosion of connected environments, and attackers will compromise weak links. In an article by Roberts and Lashinsky in Fortune [1], the latest statistics are a call to arms: “According to Cisco, the number of so-called distributed denial-of-service (DDoS) attacks – assaults that flood a system’s servers with junk web traffic – jumped globally by 172% in 2016.” Considering the importance of secure information systems, the National Institute of Standards and Technology (US Department of Commerce—NIST) has developed security controls [2] for information systems in federal, private, and public organizations. NIST has also developed general guidelines [3], both for the federal government [4] and for non-government organizations [5], for managing the risk of information technology systems.

