Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment

The organizations utilizing the cloud computing services are required to select suitable Information Security Controls (ISCs) to maintain data security and privacy. Many organizations bought popular products or traditional tools to select ISCs. However, selecting the wrong information security contr...

Full description

Autores:: Tariq, Muhammad Imran
Tayyaba, Shahzadi
Ali Mian, Natash
Sarfraz, Muhammad Shahzad
De-la-Hoz-Franco, Emiro
Butt, Shariq Aziz
Santarcangelo, Vito
Rad, Dana V

Tipo de recurso:: Article of journal

Fecha de publicación:: 2020

Institución:: Corporación Universidad de la Costa

Repositorio:: REDICUC - Repositorio CUC

Idioma:: eng

id	RCUC2_7c923c2cb1f8dffc46470fd94c3a93ea
oai_identifier_str	oai:repositorio.cuc.edu.co:11323/7314
network_acronym_str	RCUC2
network_name_str	REDICUC - Repositorio CUC
repository_id_str
dc.title.spa.fl_str_mv	Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment
title	Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment
spellingShingle	Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment Information security Analytical Hierarchy Process TOPSIS fuzzy logic MCDM MADM
title_short	Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment
title_full	Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment
title_fullStr	Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment
title_full_unstemmed	Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment
title_sort	Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment
dc.creator.fl_str_mv	Tariq, Muhammad Imran Tayyaba, Shahzadi Ali Mian, Natash Sarfraz, Muhammad Shahzad De-la-Hoz-Franco, Emiro Butt, Shariq Aziz Santarcangelo, Vito Rad, Dana V
dc.contributor.author.spa.fl_str_mv	Tariq, Muhammad Imran Tayyaba, Shahzadi Ali Mian, Natash Sarfraz, Muhammad Shahzad De-la-Hoz-Franco, Emiro Butt, Shariq Aziz Santarcangelo, Vito Rad, Dana V
dc.subject.spa.fl_str_mv	Information security Analytical Hierarchy Process TOPSIS fuzzy logic MCDM MADM
topic	Information security Analytical Hierarchy Process TOPSIS fuzzy logic MCDM MADM
description	The organizations utilizing the cloud computing services are required to select suitable Information Security Controls (ISCs) to maintain data security and privacy. Many organizations bought popular products or traditional tools to select ISCs. However, selecting the wrong information security control without keeping in view severity of the risk, budgetary constraints, measures cost, and implementation and mitigation time may lead to leakage of data and resultantly, organizations may lose their user’s information, face financial implications, even reputation of the organization may be damaged. Therefore, the organizations should evaluate each control based on certain criteria like implementation time, mitigation time, exploitation time, risk, budgetary constraints, and previous effectiveness of the control under review. In this article, the authors utilized the methodologies of the Multi Criteria Decision Making (MCDM), Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to help the cloud organizations in the prioritization and selection of the best information security control. Furthermore, a numerical example is also given, depicting the step by step utilization of the method in cloud organizations for the prioritization of the information security controls.
publishDate	2020
dc.date.accessioned.none.fl_str_mv	2020-11-14T21:34:08Z
dc.date.available.none.fl_str_mv	2020-11-14T21:34:08Z
dc.date.issued.none.fl_str_mv	2020
dc.type.spa.fl_str_mv	Artículo de revista
dc.type.coar.fl_str_mv	http://purl.org/coar/resource_type/c_2df8fbb1
dc.type.coar.spa.fl_str_mv	http://purl.org/coar/resource_type/c_6501
dc.type.content.spa.fl_str_mv	Text
dc.type.driver.spa.fl_str_mv	info:eu-repo/semantics/article
dc.type.redcol.spa.fl_str_mv	http://purl.org/redcol/resource_type/ART
dc.type.version.spa.fl_str_mv	info:eu-repo/semantics/acceptedVersion
format	http://purl.org/coar/resource_type/c_6501
status_str	acceptedVersion
dc.identifier.uri.spa.fl_str_mv	https://hdl.handle.net/11323/7314
dc.identifier.doi.spa.fl_str_mv	http://doi.org/10.3233/JIFS-179692
dc.identifier.instname.spa.fl_str_mv	Corporación Universidad de la Costa
dc.identifier.reponame.spa.fl_str_mv	REDICUC - Repositorio CUC
dc.identifier.repourl.spa.fl_str_mv	https://repositorio.cuc.edu.co/
url	https://hdl.handle.net/11323/7314 http://doi.org/10.3233/JIFS-179692 https://repositorio.cuc.edu.co/
identifier_str_mv	Corporación Universidad de la Costa REDICUC - Repositorio CUC
dc.language.iso.none.fl_str_mv	eng
language	eng
dc.relation.references.spa.fl_str_mv	A. Barabanov, A. Markov and V. Tsirlov, Information Security Controls against Cross-Site Request Forgery Attacks on Software Applications of Automated Systems, in: IOP Publishing, (2018), pp. 042034. E. Pricop, S.F. Mihalache, N. Paraschiv, J. Fattahi and F. Zamfir, Considerations regarding security issues impact on systems availability, in: 2016 8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), IEEE, (2016), pp. 1–6. E. Pricop and S.F. Mihalache, Assessing the security risks of a wireless sensor network from a gas compressor station, in: IEEE, (2014), pp. 45–50. M.I. Tariq, S. Tayyaba, M.W. Ashraf, H. Rasheed and F. Khan, Analysis of NIST SP 800-53 Rev. 3 Controls Effectiveness for Cloud Computing, in: 1st National Conference on Emerging Trends and Innovations in Computing & Technology, Bahria University, Karachi, Karachi, (2016), pp. 88–92. M.I. Tariq, Towards information security metrics framework for cloud computing, International Journal of Cloud Computing and Services Science 1 (2012), 209. H. Khajouei, M. Kazemi and S.H. Moosavirad, Ranking information security controls by using fuzzy analytic hierarchy process, Information Systems and E-Business Management 15 (2017), 1–19. M.I. Tariq, S. Tayyaba, M.W. Ashraf and H. Rasheed, Risk Based NIST Effectiveness Analysis for Cloud Security, Bahria University Journal of Information & Communication Technologies (BUJICT) 10 (2017). M.I. Tariq, S. Tayyaba, H. Rasheed and M.W. Ashraf, Factors influencing the Cloud Computing adoption in Higher Education Institutions of Punjab, Pakistan, in:IEEE, (2017), pp. 179–184. F. Rahimian, A. Bajaj and W. Bradley, Estimation of deficiency risk and prioritization of information security controls: A data-centric approach, International Journal of Accounting Information Systems 20 (2016), 38–64. S.A. Butt, M.I. Tariq, T. Jamal, A. Ali, J.L.D. Martinez and E. De-La-Hoz-Franco, Predictive Variables for Agile Devel opment Merging Cloud Computing Services, IEEE Access 7 (2019), 99273–99282. M.I. Tariq, Agent Based Information Security Framework for Hybrid Cloud Computing,KSII Transactions on Internet & Information Systems 13 (2019). A. Hafezalkotob, A. Hafezalkotob, H. Liao and F. Her697 rera, An overview of MULTIMOORA for multi-criteria decision-making: Theory, developments, applications, and challenges, Information Fusion 51 (2019), 145–177. A. Trivedi, S. Jha, S. Choudhary and R. Shandley, Fuzzy TOPSIS Multi-criteria Decision Making for Selection of Electric Molding Machine, in: Innovations in Computer Science and Engineering, Springer, (2019), pp. 325–332. B. Javaid, M.A. Arshad, S. Ahmad and S.A.A. Kazmi, Comparison of Different Multi Criteria Decision Analysis Techniques for Performance Evaluation of Loop Configured Micro Grid, in: IEEE, (2019), pp. 1–7. T.L. Saaty, What is the analytic hierarchy process?, in: Mathematical Models for Decision Support, Springer, (1988), pp. 710 109–121. T.L. Saaty, A scaling method for priorities in hierarchical structures, Journal of Mathematical Psychology 15 (1977), 234–281 T.L. Saaty, The analytical hierarchy process, planning, priority, Resource Allocation. RWS Publications, USA. (1980). T.L. Saaty, Decision making with the analytic hierarchy process, International Journal of Services Sciences 1 (2008), 718 83–98. M. Mahmoudzadeh and A. Bafandeh, A new method for consistency test in fuzzy AHP, Journal of Intelligent & Fuzzy Systems 25 (2013), 457–461. P. Pandey, and R. Litoriya, Fuzzy AHP based identification model for efficient application development, Journal of Intelligent & Fuzzy Systems (n.d.), 1–12. D. Yong, Plant location selection based on fuzzy TOPSIS, The International Journal of Advanced Manufacturing Technology 28 (2006), 839–844. K. Khalif, K.M. Naim, A. Gegov, A. Bakar and A. Syafadhli, Hybrid fuzzy MCDM model for Z-numbers using intuitive vectorial centroid, Journal of Intelligent & Fuzzy Systems 33 (2017), 791–805. B. Ashtiani, F. Haghighirad, A. Makui and G. ali Montazer, Extension of fuzzy TOPSIS method based on interval734 valued fuzzy sets, Applied Soft Computing 9 (2009), 457–461. B. Ashtiani, F. Haghighirad, A. Makui and G. ali Montazer, Extension of fuzzy TOPSIS method based on interval valued fuzzy sets, Applied Soft Computing 9 (2009), 457–461. F.R.L. Junior, L. Osiro and L.C.R. Carpinetti, A comparison between Fuzzy AHP and Fuzzy TOPSIS methods to supplier selection, Applied Soft Computing 21 (2014), 194–209. Y. Beikkhakhian, M. Javanmardi, M. Karbasian and B. Khayambashi, The application of ISM model in evaluating agile suppliers selection criteria and ranking suppliers using fuzzy TOPSIS-AHP methods, Expert Systems with Applications 42 (2015), 6224–6236. L. Barnard and R. Von Solms, A formalized approach to the effective selection and evaluation of information security controls, Computers & Security 19 (2000), 185–194. A.R. Otero, G. Tejay, L.D. Otero and A.J. Ruiz-Torres, A fuzzy logic-based information security control assessment for organizations, in: IEEE, (2012), pp. 1-6 A. Ejnioui, A.R. Otero, G. Tejay, C. Otero and A. Qureshi, A Multi-attribute Evaluation of Information Security Controls in Organizations Using Grey Systems Theory, in: The Steering Committee of The World Congress in Computer Science, Computer ..., (2012), pp. 1. J. Breier and L. Hudec, On Selecting Critical Security Controls, in: 2013 International Conference on Availability, Reliability and Security, IEEE, Regensburg, Germany, (2013), pp. 582–588. doi:10.1109/ARES.2013.77 J.J. Lv, Y.S. Zhou and Y.Z. Wang, A Multi-criteria Evaluation Method of Information Security Controls, in: 2011 Fourth International Joint Conference on Computational Sciences and Optimization, (2011), pp. 190–194. doi:10.1109/CSO.2011.43 A.R. Otero, C.E. Otero and A. Qureshi, A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features, International Journal of Network Security & Its Applications 2 (2010), 1–11. doi:10.5121/ijnsa.2010.2401 N. Al-Safwani, S. Hassan and N. Katuk, A Multiple Attribute Decision Making for Improving Information Security Control Assessment, International Journal of Computer Applications 89 (2014), 19–24. doi:10.5120/15482-4222 772 A.R. Otero, An Information Security Control Assessment Methodology for Organizations, (2014), 176. A.R. Otero, An information security control assessment methodology for organizations’ financial information, International Journal of Accounting Information Systems 18 (2015), 26–45. doi:10.1016/j.accinf.2015.06.001 A.R. Otero, A. Ejnioui, C.E. Otero and G. Tejay, Evaluation of information security controls in organizations by grey relational analysis, International Journal of Dependable and Trustworthy Information Systems (IJDTIS) 2 (2011), 36–54. A.M. Muiyuro, An Information technology controls evaluation prototype for financial institutions in Kenya, (2017). T. Llanso, CIAM: A data-driven approach for selecting and prioritizing security controls, in: IEEE, (2012), pp. 1–8. L. Almeida and A. Resp´ıcio, Decision support for selecting information security controls, Journal of Decision Systems 27 (2018), 173–180. doi:10.1080/12460125.2018.1468177 J. Waxler, Prioritizing Security Controls Using Multiple Criteria Decision Making for Home Users, (2018). K.K. Choo, S. Mubarak and D. Mani, Selection of information security controls based on AHP and GRA, in: Pacific Asia Conference on Information Systems, 2014. I. Yevseyeva, F.V. Basto, A. van Moorsel, H. Janicke and T. Michael, Two-stage security controls selection, Procedia Computer Science 100 (2016), 8. T.L. Saaty, The analytic hierarchy process McGraw-Hill, New York 324 (1980).
dc.rights.spa.fl_str_mv	Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri.spa.fl_str_mv	http://creativecommons.org/licenses/by-nc-nd/4.0/
dc.rights.accessrights.spa.fl_str_mv	info:eu-repo/semantics/openAccess
dc.rights.coar.spa.fl_str_mv	http://purl.org/coar/access_right/c_abf2
rights_invalid_str_mv	Attribution-NonCommercial-NoDerivatives 4.0 International http://creativecommons.org/licenses/by-nc-nd/4.0/ http://purl.org/coar/access_right/c_abf2
eu_rights_str_mv	openAccess
dc.format.mimetype.spa.fl_str_mv	application/pdf
dc.publisher.spa.fl_str_mv	Corporación Universidad de la Costa
dc.source.spa.fl_str_mv	Journal of Intelligent & Fuzzy Systems
institution	Corporación Universidad de la Costa
dc.source.url.spa.fl_str_mv	https://content.iospress.com/articles/journal-of-intelligent-and-fuzzy-systems/ifs179692
bitstream.url.fl_str_mv	https://repositorio.cuc.edu.co/bitstreams/6c63ac89-51b3-4814-841d-58f03ccf538d/download https://repositorio.cuc.edu.co/bitstreams/33d46568-2eac-458c-a461-bfaad3b6800a/download https://repositorio.cuc.edu.co/bitstreams/3ea09395-6ec6-479f-ac6d-10ed388dbc58/download https://repositorio.cuc.edu.co/bitstreams/f4a17e5d-eebe-4d80-82bf-75d93d6edab8/download https://repositorio.cuc.edu.co/bitstreams/d76b2019-dfc5-484b-a441-9fcb9f5babd3/download https://repositorio.cuc.edu.co/bitstreams/f77ba253-63a9-4bd7-8f47-5b3280b03ac0/download
bitstream.checksum.fl_str_mv	249d04eded5605c1712358921318840f 4460e5956bc1d1639be9ae6146a50347 e30e9215131d99561d40d6b0abbe9bad c89e52384a60002eaac06be04ecddd3b c89e52384a60002eaac06be04ecddd3b 3669566e82ce45ad726a6335ab850ec4
bitstream.checksumAlgorithm.fl_str_mv	MD5 MD5 MD5 MD5 MD5 MD5
repository.name.fl_str_mv	Repositorio de la Universidad de la Costa CUC
repository.mail.fl_str_mv	repdigital@cuc.edu.co
_version_	1811760832386695168
spelling	Tariq, Muhammad ImranTayyaba, ShahzadiAli Mian, NatashSarfraz, Muhammad ShahzadDe-la-Hoz-Franco, EmiroButt, Shariq AzizSantarcangelo, VitoRad, Dana V2020-11-14T21:34:08Z2020-11-14T21:34:08Z2020https://hdl.handle.net/11323/7314http://doi.org/10.3233/JIFS-179692Corporación Universidad de la CostaREDICUC - Repositorio CUChttps://repositorio.cuc.edu.co/The organizations utilizing the cloud computing services are required to select suitable Information Security Controls (ISCs) to maintain data security and privacy. Many organizations bought popular products or traditional tools to select ISCs. However, selecting the wrong information security control without keeping in view severity of the risk, budgetary constraints, measures cost, and implementation and mitigation time may lead to leakage of data and resultantly, organizations may lose their user’s information, face financial implications, even reputation of the organization may be damaged. Therefore, the organizations should evaluate each control based on certain criteria like implementation time, mitigation time, exploitation time, risk, budgetary constraints, and previous effectiveness of the control under review. In this article, the authors utilized the methodologies of the Multi Criteria Decision Making (MCDM), Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to help the cloud organizations in the prioritization and selection of the best information security control. Furthermore, a numerical example is also given, depicting the step by step utilization of the method in cloud organizations for the prioritization of the information security controls.Tariq, Muhammad ImranTayyaba, ShahzadiAli Mian, NatashSarfraz, Muhammad ShahzadDe-la-Hoz-Franco, EmiroButt, Shariq AzizSantarcangelo, VitoRad, Dana Vapplication/pdfengCorporación Universidad de la CostaAttribution-NonCommercial-NoDerivatives 4.0 Internationalhttp://creativecommons.org/licenses/by-nc-nd/4.0/info:eu-repo/semantics/openAccesshttp://purl.org/coar/access_right/c_abf2Journal of Intelligent & Fuzzy Systemshttps://content.iospress.com/articles/journal-of-intelligent-and-fuzzy-systems/ifs179692Information securityAnalytical Hierarchy ProcessTOPSISfuzzy logicMCDMMADMCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environmentArtículo de revistahttp://purl.org/coar/resource_type/c_6501http://purl.org/coar/resource_type/c_2df8fbb1Textinfo:eu-repo/semantics/articlehttp://purl.org/redcol/resource_type/ARTinfo:eu-repo/semantics/acceptedVersionA. Barabanov, A. Markov and V. Tsirlov, Information Security Controls against Cross-Site Request Forgery Attacks on Software Applications of Automated Systems, in: IOP Publishing, (2018), pp. 042034.E. Pricop, S.F. Mihalache, N. Paraschiv, J. Fattahi and F. Zamfir, Considerations regarding security issues impact on systems availability, in: 2016 8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), IEEE, (2016), pp. 1–6.E. Pricop and S.F. Mihalache, Assessing the security risks of a wireless sensor network from a gas compressor station, in: IEEE, (2014), pp. 45–50.M.I. Tariq, S. Tayyaba, M.W. Ashraf, H. Rasheed and F. Khan, Analysis of NIST SP 800-53 Rev. 3 Controls Effectiveness for Cloud Computing, in: 1st National Conference on Emerging Trends and Innovations in Computing & Technology, Bahria University, Karachi, Karachi, (2016), pp. 88–92.M.I. Tariq, Towards information security metrics framework for cloud computing, International Journal of Cloud Computing and Services Science 1 (2012), 209.H. Khajouei, M. Kazemi and S.H. Moosavirad, Ranking information security controls by using fuzzy analytic hierarchy process, Information Systems and E-Business Management 15 (2017), 1–19.M.I. Tariq, S. Tayyaba, M.W. Ashraf and H. Rasheed, Risk Based NIST Effectiveness Analysis for Cloud Security, Bahria University Journal of Information & Communication Technologies (BUJICT) 10 (2017).M.I. Tariq, S. Tayyaba, H. Rasheed and M.W. Ashraf, Factors influencing the Cloud Computing adoption in Higher Education Institutions of Punjab, Pakistan, in:IEEE, (2017), pp. 179–184.F. Rahimian, A. Bajaj and W. Bradley, Estimation of deficiency risk and prioritization of information security controls: A data-centric approach, International Journal of Accounting Information Systems 20 (2016), 38–64.S.A. Butt, M.I. Tariq, T. Jamal, A. Ali, J.L.D. Martinez and E. De-La-Hoz-Franco, Predictive Variables for Agile Devel opment Merging Cloud Computing Services, IEEE Access 7 (2019), 99273–99282.M.I. Tariq, Agent Based Information Security Framework for Hybrid Cloud Computing,KSII Transactions on Internet & Information Systems 13 (2019).A. Hafezalkotob, A. Hafezalkotob, H. Liao and F. Her697 rera, An overview of MULTIMOORA for multi-criteria decision-making: Theory, developments, applications, and challenges, Information Fusion 51 (2019), 145–177.A. Trivedi, S. Jha, S. Choudhary and R. Shandley, Fuzzy TOPSIS Multi-criteria Decision Making for Selection of Electric Molding Machine, in: Innovations in Computer Science and Engineering, Springer, (2019), pp. 325–332.B. Javaid, M.A. Arshad, S. Ahmad and S.A.A. Kazmi, Comparison of Different Multi Criteria Decision Analysis Techniques for Performance Evaluation of Loop Configured Micro Grid, in: IEEE, (2019), pp. 1–7.T.L. Saaty, What is the analytic hierarchy process?, in: Mathematical Models for Decision Support, Springer, (1988), pp. 710 109–121.T.L. Saaty, A scaling method for priorities in hierarchical structures, Journal of Mathematical Psychology 15 (1977), 234–281T.L. Saaty, The analytical hierarchy process, planning, priority, Resource Allocation. RWS Publications, USA. (1980).T.L. Saaty, Decision making with the analytic hierarchy process, International Journal of Services Sciences 1 (2008), 718 83–98.M. Mahmoudzadeh and A. Bafandeh, A new method for consistency test in fuzzy AHP, Journal of Intelligent & Fuzzy Systems 25 (2013), 457–461.P. Pandey, and R. Litoriya, Fuzzy AHP based identification model for efficient application development, Journal of Intelligent & Fuzzy Systems (n.d.), 1–12.D. Yong, Plant location selection based on fuzzy TOPSIS, The International Journal of Advanced Manufacturing Technology 28 (2006), 839–844.K. Khalif, K.M. Naim, A. Gegov, A. Bakar and A. Syafadhli, Hybrid fuzzy MCDM model for Z-numbers using intuitive vectorial centroid, Journal of Intelligent & Fuzzy Systems 33 (2017), 791–805.B. Ashtiani, F. Haghighirad, A. Makui and G. ali Montazer, Extension of fuzzy TOPSIS method based on interval734 valued fuzzy sets, Applied Soft Computing 9 (2009), 457–461.B. Ashtiani, F. Haghighirad, A. Makui and G. ali Montazer, Extension of fuzzy TOPSIS method based on interval valued fuzzy sets, Applied Soft Computing 9 (2009), 457–461.F.R.L. Junior, L. Osiro and L.C.R. Carpinetti, A comparison between Fuzzy AHP and Fuzzy TOPSIS methods to supplier selection, Applied Soft Computing 21 (2014), 194–209.Y. Beikkhakhian, M. Javanmardi, M. Karbasian and B. Khayambashi, The application of ISM model in evaluating agile suppliers selection criteria and ranking suppliers using fuzzy TOPSIS-AHP methods, Expert Systems with Applications 42 (2015), 6224–6236.L. Barnard and R. Von Solms, A formalized approach to the effective selection and evaluation of information security controls, Computers & Security 19 (2000), 185–194.A.R. Otero, G. Tejay, L.D. Otero and A.J. Ruiz-Torres, A fuzzy logic-based information security control assessment for organizations, in: IEEE, (2012), pp. 1-6A. Ejnioui, A.R. Otero, G. Tejay, C. Otero and A. Qureshi, A Multi-attribute Evaluation of Information Security Controls in Organizations Using Grey Systems Theory, in: The Steering Committee of The World Congress in Computer Science, Computer ..., (2012), pp. 1.J. Breier and L. Hudec, On Selecting Critical Security Controls, in: 2013 International Conference on Availability, Reliability and Security, IEEE, Regensburg, Germany, (2013), pp. 582–588. doi:10.1109/ARES.2013.77J.J. Lv, Y.S. Zhou and Y.Z. Wang, A Multi-criteria Evaluation Method of Information Security Controls, in: 2011 Fourth International Joint Conference on Computational Sciences and Optimization, (2011), pp. 190–194. doi:10.1109/CSO.2011.43A.R. Otero, C.E. Otero and A. Qureshi, A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features, International Journal of Network Security & Its Applications 2 (2010), 1–11. doi:10.5121/ijnsa.2010.2401N. Al-Safwani, S. Hassan and N. Katuk, A Multiple Attribute Decision Making for Improving Information Security Control Assessment, International Journal of Computer Applications 89 (2014), 19–24. doi:10.5120/15482-4222 772A.R. Otero, An Information Security Control Assessment Methodology for Organizations, (2014), 176.A.R. Otero, An information security control assessment methodology for organizations’ financial information, International Journal of Accounting Information Systems 18 (2015), 26–45. doi:10.1016/j.accinf.2015.06.001A.R. Otero, A. Ejnioui, C.E. Otero and G. Tejay, Evaluation of information security controls in organizations by grey relational analysis, International Journal of Dependable and Trustworthy Information Systems (IJDTIS) 2 (2011), 36–54.A.M. Muiyuro, An Information technology controls evaluation prototype for financial institutions in Kenya, (2017).T. Llanso, CIAM: A data-driven approach for selecting and prioritizing security controls, in: IEEE, (2012), pp. 1–8.L. Almeida and A. Resp´ıcio, Decision support for selecting information security controls, Journal of Decision Systems 27 (2018), 173–180. doi:10.1080/12460125.2018.1468177J. Waxler, Prioritizing Security Controls Using Multiple Criteria Decision Making for Home Users, (2018).K.K. Choo, S. Mubarak and D. Mani, Selection of information security controls based on AHP and GRA, in: Pacific Asia Conference on Information Systems, 2014.I. Yevseyeva, F.V. Basto, A. van Moorsel, H. Janicke and T. Michael, Two-stage security controls selection, Procedia Computer Science 100 (2016), 8.T.L. Saaty, The analytic hierarchy process McGraw-Hill, New York 324 (1980).PublicationORIGINALCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment.pdfCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment.pdfapplication/pdf96916https://repositorio.cuc.edu.co/bitstreams/6c63ac89-51b3-4814-841d-58f03ccf538d/download249d04eded5605c1712358921318840fMD51CC-LICENSElicense_rdflicense_rdfapplication/rdf+xml; charset=utf-8805https://repositorio.cuc.edu.co/bitstreams/33d46568-2eac-458c-a461-bfaad3b6800a/download4460e5956bc1d1639be9ae6146a50347MD52LICENSElicense.txtlicense.txttext/plain; charset=utf-83196https://repositorio.cuc.edu.co/bitstreams/3ea09395-6ec6-479f-ac6d-10ed388dbc58/downloade30e9215131d99561d40d6b0abbe9badMD53THUMBNAILCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment.pdf.jpgCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment.pdf.jpgimage/jpeg44807https://repositorio.cuc.edu.co/bitstreams/f4a17e5d-eebe-4d80-82bf-75d93d6edab8/downloadc89e52384a60002eaac06be04ecddd3bMD54THUMBNAILCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment.pdf.jpgCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment.pdf.jpgimage/jpeg44807https://repositorio.cuc.edu.co/bitstreams/d76b2019-dfc5-484b-a441-9fcb9f5babd3/downloadc89e52384a60002eaac06be04ecddd3bMD54TEXTCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment.pdf.txtCombination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment.pdf.txttext/plain1842https://repositorio.cuc.edu.co/bitstreams/f77ba253-63a9-4bd7-8f47-5b3280b03ac0/download3669566e82ce45ad726a6335ab850ec4MD5511323/7314oai:repositorio.cuc.edu.co:11323/73142024-09-17 14:07:18.308http://creativecommons.org/licenses/by-nc-nd/4.0/Attribution-NonCommercial-NoDerivatives 4.0 Internationalopen.accesshttps://repositorio.cuc.edu.coRepositorio de la Universidad de la Costa CUCrepdigital@cuc.edu.coQXV0b3Jpem8gKGF1dG9yaXphbW9zKSBhIGxhIEJpYmxpb3RlY2EgZGUgbGEgSW5zdGl0dWNpw7NuIHBhcmEgcXVlIGluY2x1eWEgdW5hIGNvcGlhLCBpbmRleGUgeSBkaXZ1bGd1ZSBlbiBlbCBSZXBvc2l0b3JpbyBJbnN0aXR1Y2lvbmFsLCBsYSBvYnJhIG1lbmNpb25hZGEgY29uIGVsIGZpbiBkZSBmYWNpbGl0YXIgbG9zIHByb2Nlc29zIGRlIHZpc2liaWxpZGFkIGUgaW1wYWN0byBkZSBsYSBtaXNtYSwgY29uZm9ybWUgYSBsb3MgZGVyZWNob3MgcGF0cmltb25pYWxlcyBxdWUgbWUobm9zKSBjb3JyZXNwb25kZShuKSB5IHF1ZSBpbmNsdXllbjogbGEgcmVwcm9kdWNjacOzbiwgY29tdW5pY2FjacOzbiBww7pibGljYSwgZGlzdHJpYnVjacOzbiBhbCBww7pibGljbywgdHJhbnNmb3JtYWNpw7NuLCBkZSBjb25mb3JtaWRhZCBjb24gbGEgbm9ybWF0aXZpZGFkIHZpZ2VudGUgc29icmUgZGVyZWNob3MgZGUgYXV0b3IgeSBkZXJlY2hvcyBjb25leG9zIHJlZmVyaWRvcyBlbiBhcnQuIDIsIDEyLCAzMCAobW9kaWZpY2FkbyBwb3IgZWwgYXJ0IDUgZGUgbGEgbGV5IDE1MjAvMjAxMiksIHkgNzIgZGUgbGEgbGV5IDIzIGRlIGRlIDE5ODIsIExleSA0NCBkZSAxOTkzLCBhcnQuIDQgeSAxMSBEZWNpc2nDs24gQW5kaW5hIDM1MSBkZSAxOTkzIGFydC4gMTEsIERlY3JldG8gNDYwIGRlIDE5OTUsIENpcmN1bGFyIE5vIDA2LzIwMDIgZGUgbGEgRGlyZWNjacOzbiBOYWNpb25hbCBkZSBEZXJlY2hvcyBkZSBhdXRvciwgYXJ0LiAxNSBMZXkgMTUyMCBkZSAyMDEyLCBsYSBMZXkgMTkxNSBkZSAyMDE4IHkgZGVtw6FzIG5vcm1hcyBzb2JyZSBsYSBtYXRlcmlhLg0KDQpBbCByZXNwZWN0byBjb21vIEF1dG9yKGVzKSBtYW5pZmVzdGFtb3MgY29ub2NlciBxdWU6DQoNCi0gTGEgYXV0b3JpemFjacOzbiBlcyBkZSBjYXLDoWN0ZXIgbm8gZXhjbHVzaXZhIHkgbGltaXRhZGEsIGVzdG8gaW1wbGljYSBxdWUgbGEgbGljZW5jaWEgdGllbmUgdW5hIHZpZ2VuY2lhLCBxdWUgbm8gZXMgcGVycGV0dWEgeSBxdWUgZWwgYXV0b3IgcHVlZGUgcHVibGljYXIgbyBkaWZ1bmRpciBzdSBvYnJhIGVuIGN1YWxxdWllciBvdHJvIG1lZGlvLCBhc8OtIGNvbW8gbGxldmFyIGEgY2FibyBjdWFscXVpZXIgdGlwbyBkZSBhY2Npw7NuIHNvYnJlIGVsIGRvY3VtZW50by4NCg0KLSBMYSBhdXRvcml6YWNpw7NuIHRlbmRyw6EgdW5hIHZpZ2VuY2lhIGRlIGNpbmNvIGHDsW9zIGEgcGFydGlyIGRlbCBtb21lbnRvIGRlIGxhIGluY2x1c2nDs24gZGUgbGEgb2JyYSBlbiBlbCByZXBvc2l0b3JpbywgcHJvcnJvZ2FibGUgaW5kZWZpbmlkYW1lbnRlIHBvciBlbCB0aWVtcG8gZGUgZHVyYWNpw7NuIGRlIGxvcyBkZXJlY2hvcyBwYXRyaW1vbmlhbGVzIGRlbCBhdXRvciB5IHBvZHLDoSBkYXJzZSBwb3IgdGVybWluYWRhIHVuYSB2ZXogZWwgYXV0b3IgbG8gbWFuaWZpZXN0ZSBwb3IgZXNjcml0byBhIGxhIGluc3RpdHVjacOzbiwgY29uIGxhIHNhbHZlZGFkIGRlIHF1ZSBsYSBvYnJhIGVzIGRpZnVuZGlkYSBnbG9iYWxtZW50ZSB5IGNvc2VjaGFkYSBwb3IgZGlmZXJlbnRlcyBidXNjYWRvcmVzIHkvbyByZXBvc2l0b3Jpb3MgZW4gSW50ZXJuZXQgbG8gcXVlIG5vIGdhcmFudGl6YSBxdWUgbGEgb2JyYSBwdWVkYSBzZXIgcmV0aXJhZGEgZGUgbWFuZXJhIGlubWVkaWF0YSBkZSBvdHJvcyBzaXN0ZW1hcyBkZSBpbmZvcm1hY2nDs24gZW4gbG9zIHF1ZSBzZSBoYXlhIGluZGV4YWRvLCBkaWZlcmVudGVzIGFsIHJlcG9zaXRvcmlvIGluc3RpdHVjaW9uYWwgZGUgbGEgSW5zdGl0dWNpw7NuLCBkZSBtYW5lcmEgcXVlIGVsIGF1dG9yKHJlcykgdGVuZHLDoW4gcXVlIHNvbGljaXRhciBsYSByZXRpcmFkYSBkZSBzdSBvYnJhIGRpcmVjdGFtZW50ZSBhIG90cm9zIHNpc3RlbWFzIGRlIGluZm9ybWFjacOzbiBkaXN0aW50b3MgYWwgZGUgbGEgSW5zdGl0dWNpw7NuIHNpIGRlc2VhIHF1ZSBzdSBvYnJhIHNlYSByZXRpcmFkYSBkZSBpbm1lZGlhdG8uDQoNCi0gTGEgYXV0b3JpemFjacOzbiBkZSBwdWJsaWNhY2nDs24gY29tcHJlbmRlIGVsIGZvcm1hdG8gb3JpZ2luYWwgZGUgbGEgb2JyYSB5IHRvZG9zIGxvcyBkZW3DoXMgcXVlIHNlIHJlcXVpZXJhIHBhcmEgc3UgcHVibGljYWNpw7NuIGVuIGVsIHJlcG9zaXRvcmlvLiBJZ3VhbG1lbnRlLCBsYSBhdXRvcml6YWNpw7NuIHBlcm1pdGUgYSBsYSBpbnN0aXR1Y2nDs24gZWwgY2FtYmlvIGRlIHNvcG9ydGUgZGUgbGEgb2JyYSBjb24gZmluZXMgZGUgcHJlc2VydmFjacOzbiAoaW1wcmVzbywgZWxlY3Ryw7NuaWNvLCBkaWdpdGFsLCBJbnRlcm5ldCwgaW50cmFuZXQsIG8gY3VhbHF1aWVyIG90cm8gZm9ybWF0byBjb25vY2lkbyBvIHBvciBjb25vY2VyKS4NCg0KLSBMYSBhdXRvcml6YWNpw7NuIGVzIGdyYXR1aXRhIHkgc2UgcmVudW5jaWEgYSByZWNpYmlyIGN1YWxxdWllciByZW11bmVyYWNpw7NuIHBvciBsb3MgdXNvcyBkZSBsYSBvYnJhLCBkZSBhY3VlcmRvIGNvbiBsYSBsaWNlbmNpYSBlc3RhYmxlY2lkYSBlbiBlc3RhIGF1dG9yaXphY2nDs24uDQoNCi0gQWwgZmlybWFyIGVzdGEgYXV0b3JpemFjacOzbiwgc2UgbWFuaWZpZXN0YSBxdWUgbGEgb2JyYSBlcyBvcmlnaW5hbCB5IG5vIGV4aXN0ZSBlbiBlbGxhIG5pbmd1bmEgdmlvbGFjacOzbiBhIGxvcyBkZXJlY2hvcyBkZSBhdXRvciBkZSB0ZXJjZXJvcy4gRW4gY2FzbyBkZSBxdWUgZWwgdHJhYmFqbyBoYXlhIHNpZG8gZmluYW5jaWFkbyBwb3IgdGVyY2Vyb3MgZWwgbyBsb3MgYXV0b3JlcyBhc3VtZW4gbGEgcmVzcG9uc2FiaWxpZGFkIGRlbCBjdW1wbGltaWVudG8gZGUgbG9zIGFjdWVyZG9zIGVzdGFibGVjaWRvcyBzb2JyZSBsb3MgZGVyZWNob3MgcGF0cmltb25pYWxlcyBkZSBsYSBvYnJhIGNvbiBkaWNobyB0ZXJjZXJvLg0KDQotIEZyZW50ZSBhIGN1YWxxdWllciByZWNsYW1hY2nDs24gcG9yIHRlcmNlcm9zLCBlbCBvIGxvcyBhdXRvcmVzIHNlcsOhbiByZXNwb25zYWJsZXMsIGVuIG5pbmfDum4gY2FzbyBsYSByZXNwb25zYWJpbGlkYWQgc2Vyw6EgYXN1bWlkYSBwb3IgbGEgaW5zdGl0dWNpw7NuLg0KDQotIENvbiBsYSBhdXRvcml6YWNpw7NuLCBsYSBpbnN0aXR1Y2nDs24gcHVlZGUgZGlmdW5kaXIgbGEgb2JyYSBlbiDDrW5kaWNlcywgYnVzY2Fkb3JlcyB5IG90cm9zIHNpc3RlbWFzIGRlIGluZm9ybWFjacOzbiBxdWUgZmF2b3JlemNhbiBzdSB2aXNpYmlsaWRhZA==

Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment

Publicaciones similares