With the advent of cloud computing and wireless sensor networks, the number of cyberattacks has rapidly increased. Therefore, the proportionate security of networks has become a challenge for organizations. Information security advisors of organizations face difficult and complex decisions in the evaluation and selection of information security controls that permit the defense of their resources and assets. Information security controls must be selected based on an appropriate level of security. However, their selection needs intensive investigation regarding vulnerabilities, risks, and threats prevailing in the organization as well as consideration of the implementation, mitigation, and budgetary constraints of the organization. The goal of this paper was to improve the information security control analysis method by proposing a formalized approach, i.e., fuzzy Analytical Hierarchy Process (AHP). This approach was used to prioritize and select the most relevant set of information security controls to satisfy the information security requirements of an organization. We argue that the prioritization of the information security controls using fuzzy AHP leads to an efficient and cost-effective assessment and evaluation of information security controls for an organization in order to select the most appropriate ones. The proposed formalized approach and prioritization processes are based on International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) 27001:2013. But in practice, organizations may apply this approach to any information security baseline manual. Under many contradictory obstacles, the decisions made by humans are not reliable, because the human brain is only capable of evaluating and acting on a limited amount of information at any given moment [17]. To help decision makers solve actual problems for organizations, Thomas Sati (1980) [23] introduced the Analytical Hierarchy Process (AHP). This approach is based on the comparison of pairs between an alternative and a best possible alternative. The strength of the AHP lies in its neutral and logical classification and its flexibility to integrate various functions such as the deployment of quality functions, linear programming, and fuzzy. The benefit of the AHP methodology in conjunction with fuzzy logic is called fuzzy AHP which is the most important method of the multi-criteria decision-making methodology for various types of applications [24]. The fuzzy AHP approach helps to make decisions with various inclinations, fuzziness, and vulnerability. Research has shown the fuzzy AHP philosophy and furthered the supreme utilization of it [25]. It is practical for dealing with uncertainty, complexity, and decision making for complex issues of a controversial nature [26].The structure of the article is as follows: Section 2 is related to the integration of wireless sensor networks with cloud computing. Section 3 reviews previous approaches for the selection of ISCs in organizations. Section 4 presents the AHP, and...
