A VIKOR technique based on DEMATEL and ANP for information security risk control assessment

Cited by: 171
Authors
Yang, Yu-Ping Ou [1]
Shieh, How-Ming [1,2]
Tzeng, Gwo-Hshiung [3,4]
Affiliations
[1] Natl Cent Univ, Dept Business Adm, Chung Li City 320, Taiwan
[2] Natl Cent Univ, Dept Informat Management, Chung Li City 320, Taiwan
[3] Kainan Univ, Dept Informat Management, Tao Yuan 338, Taiwan
[4] Natl Chiao Tung Univ, Inst Management Technol, Hsinchu 300, Taiwan
Keywords
VIKOR; Analytic network process (ANP); DEMATEL; Multiple criteria decision making (MCDM); Information security; Risk control assessment; ANALYTIC NETWORK PROCESS; SELECTION;
DOI
10.1016/j.ins.2011.09.012
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
As companies and organizations have grown to rely on their computer systems and networks, the issue of information security management has become more significant. To maintain their competitiveness, enterprises should safeguard their information and try to eliminate the risk of information being compromised or reduce this risk to an acceptable level. This paper proposes an information security risk-control assessment model that could improve information security for these companies and organizations. We propose an MCDM model combining VIKOR, DEMATEL, and ANP to solve the problem of conflicting criteria that show dependence and feedback. In addition, an empirical application of evaluating the risk controls is used to illustrate the proposed method. The results show that our proposed method can be effective in helping IT managers validate the effectiveness of their risk controls. (C) 2011 Elsevier Inc. All rights reserved.
Pages: 482-500
Number of pages: 19
Related papers
50 in total
  • [41] Information Security Risk Assessment in Critical Infrastructure: A Hybrid MCDM Approach
    Turskis, Zenonas
    Goranin, Nikolaj
    Nurusheva, Assel
    Boranbayev, Seilkhan
    INFORMATICA, 2019, 30 (01) : 187 - 211
  • [42] Empirical Study on the Transparency of Security Risk Information in Chinese Listed Pharmaceutical Enterprises Based on the ANP-DS Method
    Wang, Jining
    Guo, Chong
    Chen, Tingqiang
    JOURNAL OF HEALTHCARE ENGINEERING, 2020, 2020
  • [43] Information Flow-Based Security Levels Assessment for Access Control Systems
    Boulares, Sofiene
    Adi, Kamel
    Logrippo, Luigi
    E-TECHNOLOGIES, MCETECH 2015, 2015, 209 : 105 - 121
  • [44] Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL
    Ho, Li-Hsing
    Hsu, Ming-Tsai
    Yen, Tieh-Min
    INFORMATION AND COMPUTER SECURITY, 2015, 23 (02) : 161 - 177
  • [45] Risk Assessment of Enterprises Information Security Based on Fuzzy Set and Entropy Weight
    Wang, Yi
    Yuan, Jia-hang
    Zhang, Jian-ye
    Li, Cun-bin
    4TH INTERNATIONAL CONFERENCE ON ECONOMICS AND MANAGEMENT (ICEM), 2017, : 337 - 342
  • [46] A design for information security risk evaluation and control platform based on audit Methodology
    Wei, Zhong
    Ye, Ming
    PROCEEDINGS OF THE 2007 CONFERENCE ON SYSTEMS SCIENCE, MANAGEMENT SCIENCE AND SYSTEM DYNAMICS: SUSTAINABLE DEVELOPMENT AND COMPLEX SYSTEMS, VOLS 1-10, 2007, : 2281 - 2285
  • [47] The Validity of Information Security Risk Assessment Methods for Organizations
    L. V. Astakhova
    Scientific and Technical Information Processing, 2020, 47 : 241 - 247
  • [48] A Novel Security Risk Assessment Model for Information System
    Lv, Huiying
    2ND IEEE INTERNATIONAL CONFERENCE ON ADVANCED COMPUTER CONTROL (ICACC 2010), VOL. 4, 2010, : 282 - 287
  • [49] Assessment Model and Method Research of Information Security Risk
    Lu Zhen
    Xiong Zhen
    Tu Keqin
    FRONTIERS OF MANUFACTURING AND DESIGN SCIENCE IV, PTS 1-5, 2014, 496-500 : 2170 - +
  • [50] A new quantitative approach for information security risk assessment
    Asosheh, Abbas
    Dehmoubed, Bijan
    Khani, Amir
    2009 2ND IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY, VOL 2, 2009, : 222 - +