An information asset priority evaluation method with analytic network process

被引:1
作者
Liu Y. [1 ]
Mu D. [1 ]
机构
[1] School of Automation, Northwestern Polytechnical University, Xi'an
来源
Information Services and Use | 2023年 / 43卷 / 01期
关键词
analytic network process; asset valuation; decision criteria; Information security;
D O I
10.3233/ISU-220172
中图分类号
学科分类号
摘要
IT infrastructures are indispensable parts of today's organizations, and keeping them secure is very important for successfully running the business. Due to the complexity of information infrastructure and network topology, traditional security measures no longer meet the security needs of current enterprises. Therefore, the holistic information security management analysis method has received extensive attention. An important task of these holistic security analysis methods is to analyze the value of assets so that IT managers can effectively allocate resources to protect the information infrastructure. Most of the current asset valuation methods are based on analyzing the dependencies between assets. In some cases, the dependencies are not easy to find, which makes the evaluation results inaccurate. Therefore, we propose model with analytic network process network (ANP) to evaluate the value of assets. This method not only considers the security factors and considers the importance of the assets to the business as well. It can evaluate the value of the assets and prioritize them, which can help the system administrator in making the decision for security enhancement. © 2023 - IOS Press. All rights reserved.
引用
收藏
页码:19 / 25
页数:6
相关论文
共 12 条
[1]  
Turskis Z., Goranin N., Nurusheva A., Boranbayev S., Information security risk assessment in critical infrastructure: A hybrid MCDM approach, Informatica, 30, 1, pp. 187-211, (2019)
[2]  
Jouini M., Rabai L.B.A., Aissa A.B., Classification of security threats in information systems, Procedia Computer Science, 32, pp. 489-496, (2014)
[3]  
Breier J., Schindler F., Assets dependencies model in information security risk management, Information and Communication Technology-EurAsia Conference, pp. 405-412, (2014)
[4]  
Soomro Z.A., Shah M.H., Ahmed J., Information security management needs more holistic approach: A literature review, International Journal of Information Management, 36, 2, pp. 215-225, (2016)
[5]  
Belov V.M., Pestunov A.I., Pestunova T.M., On the issue of information security risks assessment of business processes, 2018 XIV International Scientific-Technical Conference on Actual Problems of Electronics Instrument Engineering (APEIE), pp. 136-139, (2018)
[6]  
Leung H., An asset valuation approach using fuzzy logic, Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications 2015, 9498, (2015)
[7]  
Beaudoin L., Eng P., Asset valuation technique for network management and security, Sixth IEEE International Conference on Data Mining-Workshops (ICDMW'06), pp. 718-721, (2006)
[8]  
Kim A., Kang M.H., Determining asset criticality for cyber defense, (2011)
[9]  
Loloei I., Shahriari H.R., Sadeghi A., A model for asset valuation in security risk analysis regarding assets' dependencies, 20th Iranian Conference on Electrical Engineering (ICEE2012), pp. 763-768, (2012)
[10]  
Su C., Li Y., Mao W., Hu S., Information network risk assessment based on AHP and neural network, 2018 10th International Conference on Communication Software and Networks (ICCSN), pp. 227-231, (2018)
12