Trasactios o Computer Sciece ad Techology December 214, Volume 3, Issue 4, PP.14-145 The Aalysis ad Research Based o DEA Model ad Super Efficiecy DEA Model for Assessmet of Classified Protectio of Iformatio Systems Security Jig Gao #,Yogu She, Guidog Zhag, Qi Zhou School of Iformatio Sciece & Egieerig, Lazhou Uiversity, Lazhou Gasu Provice 73, Chia # Email: gao12@lzu.edu.c Abstract As decisio makig uits with eight uits, which classified protectio of iformatio systems security are secod-level. Usig data evelopmet aalysis (DEA) model ad super efficiecy DEA method establish the assessmet model of iformatio systems security maagemet effectiveess, ad the by calculatig the relative efficiecy value ad the super efficiecy value of each uit, security maagemet efficiecy values of the uits are sorted completely. Coclusios show that the same level of classified protectio of iformatio system security, the method ca solve the issue for distiguishig security maagemet efficiecy of the decisio makig uits. Keywords: Classified Protectio of Iformatio Systems Security; DEA Model; Super Efficiecy DEA Model 1 INTRODUCTION The classified protectio of iformatio systems security (referred to CPISS) is divided ito five levels [1].Through a detailed evaluatio scores, the situatio of iformatio security of the measurig obect ca be udged whether to achieve the appropriate level of requiremets. However, the existig evaluatio results are still some limitatios, maily reflectig its coclusio oly if the measured obect to achieve the appropriate level of security, but at the same level stregths ad weakesses of differet security level is difficult to visually reflect the measured obect, but also from the perspective of iput ad output is more difficult to aalyse the efficiecy value of iformatio systems security maagemet (referred to ISSM). The ISSM is a typical multi-iput ad multi-output model, its diversified iput types, complex itegrated eviromet betwee differet systems, output idicators difficult to quatitative aalysis. The traditioal evaluatio methods are difficult to make a obective evaluatio of the iput-output ratio of a orgaizatio's ISSM. Preset domestic ad foreig for the evaluatio methods of the ISSM s effectiveess maily iclude eural etworks method, fuzzy comprehesive evaluatio method, artificial immue method, etc. This paper attempts to use the data evelopmet aalysis (DEA), o the basis of traditioal evaluatio data of the CPISS miig, uder the same level of protectio levels, to achieve a quatitative assessmet of the differet decisio-makig uit (uit uder test) is iput productio the ratio, ad use this to give its evaluatio value of the ISSM. This article will use the model of DEA proectio aalysis, ad the use of improved model of traditioal DEA algorithm gives maagemet decisio aalysis ad optimizatio recommedatios of ivalid uit. 2 DEA MODEL AND ITS IMPROVEMENT 2.1 Model Overview ad Effectiveess Meaigs 1978, by the famous operatios research expert, Professor Uiversity of Texas ad the Uited States A. Chares, - 14 -
W.W. Cooper ad E. Rhodes to "evaluate the relative efficiecy" formally proposed based o the cocept of data evelopmet aalysis (referred to as the DEA [2]), DEA usig mathematical programmig models, evaluatio the relative effectiveess (called DEA efficiet) betwee the "sector" or "orgaizatio" with multiple iputs, especially multiple output (referred to as "decisio makig uit", abbreviated DMU). The mai idea of DEA model is to use iput ad output data of each DMU to costruct the "effective productio frotier." If a DMU is located i the efficiet productio frotier, it is called DEA efficiecy that meas output has reached its maximum uder the curret iput, otherwise it is DEA iefficiecy. The productio frotier refers to the surface that composed by the most-advatage of the iput ad output data of the observed DMU. DEA efficiecy icludes techology efficiecy ad scale efficiecy. Techical efficiecy: If the productio state ( xy, ) is satisfied, the state ( xy, ) is called techology efficiecy (i.e. i terms of the output relative to the iput has reached its maximum). At this time, the poit ( xy, ) is located o the surface of the productio fuctio. Scale efficiecy meas either too large or too small i iputs, which the returs to scale is the status betwee icremet ad decremet, that meas i the status of costat returs to scale. The literature [3] poited out that the overall techical efficiecy (OTE) = techical efficiecy (TE) scale efficiecy (SE). We defie that the highest efficiecy is set to 1, the relative efficiecy of the other evaluatio uit is set betwee -1. Whe a evaluatio uit while achievig scale efficiecy ad techology efficiecy, it is called overall efficiecy, ad its overall efficiecy reaches 1. 2.2 The C 2 R Model ad the BC 2 Model The relevat literature [3] has bee defied the C 2 R model, here oly give its duality plaig. The duality model of the C 2 R model is ( D 2 ) I : C R ( D 2 ) I C R T T mi ( e s eˆ s ) st.. 1 x s x 1 y s y, 1,..., s, s (1 y f () x ) T m T s This model ca be solved by the simplex method. Amog them, e(1,...,1) E, eˆ (1,...,1) E, is o- s Archimedea ifiitely small quatity, s s are slack variables, ad s m E, s E.The literature [2] has proved that the equatio (1) has a group optimum solutio, ad is the comprehesive techical efficiecy of this DMU. Sets, ( 1,..., ), s s as the optimal solutio of the equatio (1), ad there are the followig udgmet: 1, the is DEA iefficiecy; 1, s s, DMU is DEA efficiecy. The C 2 R model is the assumptio of costat returs to scale. This assumptio is ofte too strict, ad difficult to meet i may cases. If add a covexity assumptio i C 2 R model, we ca obtai the equatio (2) for the duality model of BC 2 with a o-archimedea ifiitesimal. Because the BC 2 model ca oly assess the techical efficiecy of each DMU, so this is techical efficiecy oly. Set, ( 1,..., ), s s are the optimal solutio of the equatio (2), its determiatio coditios is the same as the equatio (1). - 141 -
( D 2 ) I BC T T mi ( e s eˆ s ) st.. 1 x s x 1 y s y 1, 1,..., s, s (2) 2.3 The Defiitios about DEA Aalysis of Returs to Scale ad Aalysis of Proectio I the C 2 R model, whe 1 =1, DMU is costat returs to scale, which represets the output icreases with the icreasig of iput, but the "speed" of it is costat; whe 1 <1, it is icreasig returs to scale, which meas that the output icreases with the icreasig of iput, but the "speed" of it is icremetal; whe 1 >1, it is decreasig returs to scale, which meas that the output icreases with the icreasig of iput, but its "speed" is decremetal. Proectio value (ideal value) ca directly reflect the real demad for curret iput resources of DMU, ad may reach a maximum output capacity. The proectio of the poit ( x, y ) for o-dea efficiecy, which is i the surface for the productio frotier, is served ( xˆ, y ˆ ), ad s Set, ( 1,..., ), s s as the optimal solutio of the equatio (1), ad its proectio is: 2.4 D. Super-Efficiecy DEA Model 1 xˆ x - s x, yˆ = y + s 1 y (3) Whe usig the DEA method to evaluate the relative efficiecy of DMU may cause that multiple DMU's overall efficiecy values are 1. For such DMU, the C 2 R model is uable to distiguish the advatages ad disadvatages ad make a quatitative compariso. I order to solve this problem, the literature [4] proposed a DEA "super-efficiet" model, which we call S- C 2 R model. The basic idea of S-C 2 R model is: Whe assessig a DMU, makig iputs ad outputs of it are replaced by liear combiatio of all the other DMU's iputs ad outputs, which will exclude the i the rest of the DMU's set outside. If a DMU is DEA efficiecy ad ca icrease i proportio to their iputs ad still maitai the largest proportio of the value of their relative effectiveess, called super-efficiecy values for this proportio of the value of the DMU. Obviously the efficiecy value may be greater tha 1. We illustrate this idea by Figure 1: FIG. 1 SIMPLIFIED SCHEMATIC FOR S-C 2 R I Figure 1, M poit is i the efficiet productio frotier, it was uderstood that the efficiecy of i the C 2 R model is 1. Accordig to the idea of super-efficiecy model, whe calculatig the efficiecy value at poit M, M poit are excluded from the referece DMU s set, so the productio frotier has chaged from the ABCD to the ABD, at this time the efficiecy value of M poit is OM'/ OM, ad greater tha 1. Ad for which the origially o-dea efficiecy DMU poit N, its productio frotier is still ABCD i the super-efficiecy model. The efficiecy value of - 142 -
N poit is same as i the C 2 R model, ad it is still ON'/ ON. Take this idea, ad combied with C 2 R model, give the dual programmig of S-C 2 R model: ( ) I D 2 S C R T T mi ( e s eˆ s ) st.. 1, x s x 1, y s y, 1,..., s, s (4) 3 EXAMPLES OF APPLICATIONS 3.1 DEA Evaluatio Model about of Iformatio System Security Maagemet Efficiecy Buildig ad the DMU s Iput-output Idicators Defiig Based o the literature [5-6] priciples, each uit that received the same assessmet coditios as DMU, 1<<; their iput idicators are based o data collected i the field. For their output idicators, cosiderig the actual for specific assessmet sub keys early 4, each assessmet sub key will accumulated the assessmet score by the scorig rules (Satisfy the coditios to get 1 poit, basically satisfy the coditios to get.6 poits, does ot satisfy the coditios to get poits).the to merge all of the assessmet sub keys ad divide them ito two categories mai assessmet items, ad make the scores for each category mai items (full mark is 2 poits) as a this DMU's output idicator, so we ca obtai the DEA assessmet model about the ISSM efficiecy. The specific iput ad output idicators are i Table 1. Output TABLE 1 DEFINITION OF INPUT AND OUTPUT INDICATORS Types of Idicator Serial Number Assessmet Idicators Mode of Defiitio x 1 Mapower iputs The proportio of specialized staff The average iputs i the core x Iput 2 Termial iputs etwork termials x 3 Patch update frequecy The patch of system protectio update frequecy (times / moth) y 1 Applicatios Assessmet scores effectiveess (2) y 2 Maagemet effectiveess 3.2 B. Examples of Applicatios Effectiveess Aalysis Assessmet scores (2) I this paper, we choose the eight uits, which their assessmet levels of CPISS are all secod level, as the evaluatio obects. Now for each uit accordig to iputs, outputs idicators for data collectio, the results i Table 2. TABLE 2 DATA OF INPUT AND OUTPUT INDICATORS DMU Iputs Outputs x 1 x 2 x 3 y 1 y 2 1 2.26 1636.27 14 177.4 165.8 2 2.86 12451.61 2 199.6 192.6 3 3.64 17555.56 5 34.8 2.2 4 5.44 16636.36 12 168.6 149.6 5 8.89 287.3 1 12.2 95.6 6 4.57 22615.38 9 125.6 129.4 7 5.75 11266.67 8 74 82.8 8 6.25 8875.15 12 137 145.2-143 -
By DEAP or the others software processig data of Table 2, we ca obtai the overall techical efficiecy (OTE), techical efficiecy (TE), scale efficiecy (SE) ad returs to scale chages of each DMU, ad the results are show i Table 3. TABLE 3 DATA OF INPUT AND OUTPUT INDICATORS DMU OTE TE SE 1 Scale chage 1 1. 1. 1. 1. Costat 2 1. 1. 1. 1. Costat 3.495 1..495.26 Icreasig 4 1. 1. 1. 1. Costat 5.729.797.915.676 Icreasig 6 1. 1. 1. 1. Costat 7.799 1..799.599 Icreasig 8 1. 1. 1. 1. Costat The results accordig to Table 3, i all of the DMU, DMU 1, DMU 2, DMU 4, DMU 6 ad DMU 8 are DEA efficiecy, which are both techical efficiecy ad scale efficiecy. DMU 3, DMU 5, DMU 7 are o-dea efficiecy, which DMU 3, DMU 7 are techical efficiecy oly, ot for scale efficiecy, ad DMU 5 are either techical efficiecy or scale efficiecy. Therefore, these three uits have potetial for improvemet. Below to example for DMU 5 for proectio-aalysis, ad the results are show i Table 4. Types of Idicator TABLE 4 RESULTS OF PROJECTION ON DMU 5 Actual value Proectio value Proectio Distace Chage rate x 1 8.89 4.33 4.56 51.3% x 2 287.3 21311.42 7388.61 25.7% x 3 1 7.969 2.31 25.5% y 1 12.2 12.2 y 2 95.6 11.3-5.7-6.% TABLE 5 RESULTS FOR SUPER-EFFICIENCY VALUE ANALYSIS DMU 1 2 4 6 8 C 2 R Efficiecy Value 1. 1. 1. 1. 1. S-C 2 R Efficiecy Value 1.24 1.388 1.91 1.153 1.198 Data from Table 3 ad Table 4 show that the DMU 5 s overall efficiecy is 72.9%, while maitaiig the curret coditio of the iput-output efficiecy, to compare proectio value ad the origial value, its various iputs idicators ca be reduced 51.3%, 25.7% ad 25.5 % respectively. Meawhile, the first item of DMU 5 s output idicators has reached optimum; the proectio value of the secod item is egative, which idicate that uder the existig iputs coditios, the output of this item is isufficiet, ad it should also be able to ehace 5.7 poits for the evaluatio score. FIG. 2 COMPARISON CHART FOR THE RELATIVE EFFICIENCY OF C 2 R MODEL AND S-C 2 R MODEL Through the above data, maagers ca aalyse the reasos for isufficiet of the ISSM efficiecy, figure out some problematic aspects, rather tha relyig o a higher ivestmet to improve the level for ISSM. Apply the S-C 2 R model to deal with all of the efficiecy value of the DMU was 1 i Table 3. The results are show i Table 5. - 144 -
All of DMUs are sorted by the efficiecy value of S-C 2 R as follows: DMU 2 > DMU 1 > DMU 8 > DMU 6 > DMU 4 > DMU 7 > DMU 5 > DMU 3. From Figure 2, it is easy to kow that i values of all eight uits for the ISSM efficiecy, the 2d uit is the highest ad the 3rd uit is the lowest. 4 CONCLUSIONS I this paper, used the assessmet for the CPISS as applicatio backgroud, the first from the poit of view with iput-output ratio, by establishig iput-output idicators ad the establishmet of a DEA model of the ISSM efficiecy, ad usig this model gave the relative efficiecy value of each uit. Secodly, through the proectio results, aalysed the reaso about the relative efficiecy of a uit was the o-dea efficiecy, ad calculated the degree of iput redudacy ad output isufficiet. Fially, by virtue of S-C 2 R model, aalysed ad sorted the efficiecy value of each uit for ISSM based o their super-efficiecy value. The results show that the itegrated use of DEA model ad S-C 2 R model ad proectio aalysis for the ISSM efficiecy ca solve the issue that difficult to distiguish the situatio of the ISSM efficiecy betwee uits uder the same classified protectio, ad ca help maagers to further clarify the improvemet goals ad optimize the allocatio of resources for iformatio systems security maagemet. ACKNOWLEDGMENT I would like to express my gratitude to all those who helped me durig the writig of this thesis. I gratefully ackowledge the help of my supervisor Professor She Yogu. I do appreciate his patiece, ecouragemet, ad professioal istructios durig my thesis writig. Also, I would like to thak Teacher Zhag Guidog ad Ms Zhou Qi, who kidly gave me a had whe I was collectig evaluatio data. Last but ot the least, my gratitude also exteds to my family who have bee assistig, supportig ad carig for me all of my life. REFERENCES [1] Yahua Yag, Yogu She, Guidog Zhag ad Ga Yu. The Gradig Scheme Based o Fuzzy Comprehesive Evaluatio ad Aalytic Hierarchy Process for Classified Protectio of Iformatio System. 214 ICSESS, Jue 27-29, 214, Beiig [2] A. Chares, W.W. Cooper, E. Rhodes. Measurig the efficiecy of decisio makig uits. Europea Joural of Operatioal Research 1978(2), 429-444 [3] Qualig Wei. Data evelopmet aalysis model for evaluatig the relative effectiveess. [M] Beiig: Chia Remi Uiversity Press Co. LTD, 212 [4] P. Aderse ad N. C. Peterse, A procedure for rakig efficiet uits i data evelopmet aalysis, Maage-met Sciece, Vol. 39, pp. 1261 1264, 1993 [5] Huahui Ya, Jigchua Cui. A Method for Solvig Optimal Iput-Output Weight i Origial CCR Model of DEA. Operatios Research ad Maagemet Sciece [J], 213(12) [6] Liag Li, Jigchua Cui. Selectio of iput-output items ad data disposal i DEA. Joural of Systems Egieerig, 23(6) [7] Zhipig Che, Ruiyue Li. Mai methods for the mutual fud performace evaluatio based o DEA models. Joural of Systems Egieerig [J], 25, 2:73-83 AUTHOR Jig Gao (1984 - ), male, Master Degree Cadidate, ad the mai research areas are iformatio security ad iformatio maagemet. - 145 -