Multicriteria analysis of the compliance for the improvement of information security

Solana-González, Pedro; Vanti, Adolfo Alberto; Fontana, Karen Hackbart Souza

doi:10.4301/s1807-1775201916007

Cited by 3 publications

(4 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A generalized comparison of the methods is given in Table 4. It is worth noting that the AHP method is very often used in scientific articles in the engineering field [34]. This method uses the hierarchical structure of the problem, breaking the problem into smaller parts and, consequently, evaluating all aspects of the problem [35].…”

Section: Comparison Of Mcdm Methodsmentioning

confidence: 99%

Application of Multicriteria Methods for Improvement of Information Security Metrics

et al. 2023

View full text Add to dashboard Cite

Metrics are a set of numbers that are used to obtain information about the operation of a process or system. In our case, metrics are used to assess the level of information security of information and communication infrastructure facilities. Metrics in the field of information security are used to quantify the possibility of damage due to unauthorized hacking of an information system, which make it possible to assess the cyber sustainability of the system. The purpose of the paper is to improve information security metrics using multicriteria decision–making methods (MCDM). This is achieved by proposing aggregated information security metrics and evaluating the effectiveness of their application. Classical information security metrics consist of one size or one variable. We obtained the total value by adding at least two different metrics and evaluating the weighting factors that determine their importance. This is what we call aggregated or multicriteria metrics of information security. Consequently, MCDM methods are applied to compile aggregated metrics of information security. These are derived from expert judgement and are proposed for the three management domains of the ISO/IEC 27001 information security standard. The proposed methods for improving cyber sustainability metrics are also relevant to information security metrics. Using AHP, WASPAS and Fuzzy TOPSIS methods to solve the problem, the weights of classical metrics are calculated and three aggregated metrics are proposed. As a result, to confirm the fulfilment of the task of improving information security metrics, a verification experiment is conducted, during which aggregated and classical information security metrics are compared. The experiment shows that the use of aggregated metrics can be a more convenient and faster process and higher intelligibility is also achieved.

show abstract

Section: Comparison Of Mcdm Methodsmentioning

confidence: 99%

Application of Multicriteria Methods for Improvement of Information Security Metrics

et al. 2023

View full text Add to dashboard Cite

show abstract

“…b-Information Security Management System (ISMS) An Information Security Management System (ISMS) is a set of policies, procedures, and guidelines that help organizations manage their information security risks, protect their critical data, and ensure the confidentiality, integrity, and availability of their information (Solana-González, 2019). ISMS is based on the principle of continuous improvement, which means that organizations must regularly review and update their information security policies and procedures to adapt to changes in the threat landscape and ensure that they remain effective (Solana-González, 2019;Al-Dhahri, 2017). The implementation of an ISMS is not only important for protecting an organization's information assets but is also a requirement for compliance with various industry standards and regulations.…”

Section: -Backgroundmentioning

confidence: 99%

“…Examples of such standards include ISO 27001, which is an international standard for information security management, and the Payment Card Industry Data Security Standard (PCI DSS), which is a set of requirements for organizations that handle payment card data (Berisha-Shaqiri, 2014). Overall, an ISMS is a critical component of a strong cybersecurity posture, helping organizations manage risks and protect their operations and reputation (Pedro, 2019). c. Cyber Security Standards Cybersecurity standards are sets of guidelines, procedures, and practices that help organizations to protect their computer systems, networks, and data from unauthorized access, theft, damage, or other cyber threats.…”

Section: -Backgroundmentioning

confidence: 99%

The Security Issues in The Analysis of Information Management Systems

Shareef,

Alkhazaali

2023

JSR

View full text Add to dashboard Cite

The security issue in the design of information management systems is considered one of the vital issues, in the era of information technology and the information revolution, securing information has become a very necessary requirement. In this paper, the issue of analyzing information management systems was discussed with an emphasis on the security aspect of the analysis process. It is not possible to build and design information management systems without analyzing the full requirements of these systems, including security requirements. The analysis phase is useful to developers in studying and analyzing all system requirements to avoid potential risks, including security risks. It is necessary to try to avoid serious information breaches. If this happens, it is important for the system to have a specific mechanism to detect them and reduce the damage that resulted from them, as well as knowing the reason for their occurrence. Developing a layer of analysis of the security requirements at each stage of the analysis and developing a specific mechanism to detect violations that may occur to the system will be sufficient to increase the reliability of these systems.

show abstract

“…Guo et al discuss privacy in the context of self-governance and social networks [47]. From the perspective of ISO/IEC 27002:2013, Solana-González et al found that practices related to privacy and protection of personal identifiable information play the least role in the decision-making process related to improvements in information security requirements in organizations [48]. The scarcity of work on privacy and IT governance and evidence such as that found in Solana-González et al's research signals for future studies.…”

Section: Further Workmentioning

confidence: 99%

A Methodology for Creating a Macro Action Plan to Improve IT Use and Its Governance in Organizations

et al. 2020

View full text Add to dashboard Cite

Information Technologies represent a primary instrument in all types of organizations. However, their use is not always well planned in the public sector. The research proposes a methodology to build a realistic action plan that improves the use of information technology and its governance in public organizations. We conduct a case study using semi-structured interviews to investigate the different views of 8 decision-makers regarding the use of IT and its governance. The findings were analyzed systematically and synthesized into a set of perspectives on the subject. An interference matrix reveals how each view interferes and receives positive and/or negative interference from the others. Based on the matrix, the methodology applies criteria to prioritize the perspectives with the highest potential to improve the use of IT and its governance. The final product of the methodology is an action plan aligned with the vision of the institution’s decision-makers. The plan requires little effort to improve the use of IT and its governance. Seventeen views related to the use of IT and its governance emerged from the interviews. Four views that do not cause or receive harmful interference from other perspectives were selected to guide the plan elaboration. The methodology proved to be efficient for creating an action plan adapted to the institutional reality. According to the managers, the action plan represents with high precision the most urgent needs of the organization, respecting its work capacity and available resources for a project to improve the use of IT and its governance.

show abstract

Multicriteria analysis of the compliance for the improvement of information security

Cited by 3 publications

References 41 publications

Application of Multicriteria Methods for Improvement of Information Security Metrics

Application of Multicriteria Methods for Improvement of Information Security Metrics

The Security Issues in The Analysis of Information Management Systems

A Methodology for Creating a Macro Action Plan to Improve IT Use and Its Governance in Organizations

Contact Info

Product

Resources

About