2016
DOI: 10.7160/aol.2016.080102
|View full text |Cite
|
Sign up to set email alerts
|

Information Security Management: ANP Based Approach for Risk Analysis and Decision Making

Abstract: In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk ana… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
8
0

Year Published

2020
2020
2021
2021

Publication Types

Select...
4
1

Relationship

0
5

Authors

Journals

citations
Cited by 5 publications
(8 citation statements)
references
References 8 publications
0
8
0
Order By: Relevance
“…Exceptions are Lo and Chen [50] and Brožová et al [51], who used an ANP approach to capture dependencies. Lo and Chen [50], Brožová et al [51] and the four papers using a bayesian network approach [83][84][85][86] are the only papers that considered dependencies between metrics. Interestingly, all of these papers were published in 2016 or earlier.…”
Section: Resultsmentioning
confidence: 99%
See 2 more Smart Citations
“…Exceptions are Lo and Chen [50] and Brožová et al [51], who used an ANP approach to capture dependencies. Lo and Chen [50], Brožová et al [51] and the four papers using a bayesian network approach [83][84][85][86] are the only papers that considered dependencies between metrics. Interestingly, all of these papers were published in 2016 or earlier.…”
Section: Resultsmentioning
confidence: 99%
“…Nevertheless, aggregation using basic approaches such as WLC is prevalent, with 42 of our 60 inclusions using this aggregation technique. We observed a clear lack of dependency consideration among metrics, which could be solved using Bayesian network [83][84][85][86] or ANP techniques [50,51]. Our cybersecurity framework presented in Table 10 provides clear guidance on which aggregation strategies suit which SME categories.…”
Section: Discussionmentioning
confidence: 99%
See 1 more Smart Citation
“…AHP is conceptually and practically simple, but in its hierarchical structure, its elements whose interactions are ignored are assumed to be independent of each other; it is not consistent with many real-world problems (Montesinos-Valera et al, 2017). Overcoming the limitations of AHP, ANP can incorporate more complex dependencies and interactions between elements within a decision context (Brožová et al, 2016;Hornická and Brožová, 2013). In conventional methods of MCDM such as AHP and ANP, however, the relative importance of criteria, sub-criteria, and alternatives is expressed as exact (crisp) numbers.…”
Section: Methodsmentioning
confidence: 99%
“…value of the j-th indicator of the information security threat index in the context of the i-th country, reduced to the dimensionless Harrington-Mencher desirability scale; min ij i Z -the minimum value of the normalized j-th indicator of the information security threat index in the context of the i-th country; max ij i Z -the maximum value of the normalized j-th indicator of the information security threat index in the context of the i-th country.The second type of the curve: S-shaped growth, asymmetric curve with rapid initial growth:(4) …”
mentioning
confidence: 99%