Information Security Management: ANP Based Approach for Risk Analysis and Decision Making

Brožová, Helena; Šup, Libor; Rydval, Jan; Sadok, Moufida; Bednár, Peter

doi:10.7160/aol.2016.080102

Cited by 5 publications

(8 citation statements)

References 8 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Exceptions are Lo and Chen [50] and Brožová et al [51], who used an ANP approach to capture dependencies. Lo and Chen [50], Brožová et al [51] and the four papers using a bayesian network approach [83][84][85][86] are the only papers that considered dependencies between metrics. Interestingly, all of these papers were published in 2016 or earlier.…”

Section: Resultsmentioning

confidence: 99%

“…Nevertheless, aggregation using basic approaches such as WLC is prevalent, with 42 of our 60 inclusions using this aggregation technique. We observed a clear lack of dependency consideration among metrics, which could be solved using Bayesian network [83][84][85][86] or ANP techniques [50,51]. Our cybersecurity framework presented in Table 10 provides clear guidance on which aggregation strategies suit which SME categories.…”

Section: Discussionmentioning

confidence: 99%

“…The strategy classes presented in Table 2 are not exhaustive but do cover the large majority of all aggregation strategies employed, as we show in Section 4. Two examples of other possibilities are the use of analytic network process (ANP) techniques [50,51], which relate to the deterministic equivalent of Bayesian networks, and the analysis of game-theoretic equilibria [52]. What is common to all strategies is that none satisfy all criteria of Table 2.…”

Section: Aggregationmentioning

confidence: 99%

See 2 more Smart Citations

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

et al. 2021

View full text Add to dashboard Cite

Cybersecurity threats are on the rise, and small- and medium-sized enterprises (SMEs) struggle to cope with these developments. To combat threats, SMEs must first be willing and able to assess their cybersecurity posture. Cybersecurity risk assessment, generally performed with the help of metrics, provides the basis for an adequate defense. Significant challenges remain, however, especially in the complex socio-technical setting of SMEs. Seemingly basic questions, such as how to aggregate metrics and ensure solution adaptability, are still open to debate. Aggregation and adaptability are vital topics to SMEs, as they require the assimilation of metrics into an actionable advice adapted to their situation and needs. To address these issues, we systematically review socio-technical cybersecurity metric research in this paper. We analyse aggregation and adaptability considerations and investigate how current findings apply to the SME situation. To ensure that we provide valuable insights to researchers and practitioners, we integrate our results in a novel socio-technical cybersecurity framework geared towards the needs of SMEs. Our framework allowed us to determine a glaring need for intuitive, threat-based cybersecurity risk assessment approaches for the least digitally mature SMEs. In the future, we hope our framework will help to offer SMEs some deserved respite by guiding the design of suitable cybersecurity assessment solutions.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Aggregationmentioning

confidence: 99%

See 1 more Smart Citation

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

et al. 2021

View full text Add to dashboard Cite

show abstract

“…AHP is conceptually and practically simple, but in its hierarchical structure, its elements whose interactions are ignored are assumed to be independent of each other; it is not consistent with many real-world problems (Montesinos-Valera et al, 2017). Overcoming the limitations of AHP, ANP can incorporate more complex dependencies and interactions between elements within a decision context (Brožová et al, 2016;Hornická and Brožová, 2013). In conventional methods of MCDM such as AHP and ANP, however, the relative importance of criteria, sub-criteria, and alternatives is expressed as exact (crisp) numbers.…”

Section: Methodsmentioning

confidence: 99%

Comparison of Fuzzy Multi-Criteria Decision-Making Methods to Rank Business Strategies and Marketing Resources

Tohidi

Ghorbani

Karbasi

et al. 2020

AOL

View full text Add to dashboard Cite

Given the growing competition in domestic and international agricultural product markets, choosing a business strategy compatible with requirements of marketing resources can guide agro-food firms to maintain and enhance competitive advantages. However, this is not as simple as it seems because the decision-making criteria expressed in a fuzzy manner and the relationship between them can be hierarchical or network-based. Therefore, the main goal of this study was to select the most suitable business strategy and to prioritize marketing resources for one of the major agro-food firms in Iran. To ensure the robustness of the results, both fuzzy analytic hierarchy process (AHP) and fuzzy analytic network process (ANP) were applied to prioritize business strategies and marketing resources. The results of both methods revealed that the differentiation strategy had the highest priority in terms of the experts' viewpoints. The results also showed that managerial and customer relationship capabilities were the most important criteria in selecting the differentiation strategy. According to the findings of the study, for the successful implementation of the differentiation strategy, company managers are recommended to take the following three main elements into huge consideration: financial conditions, paying attention to customer's needs and requirements, and the introduction of new products and services.

show abstract

“…value of the j-th indicator of the information security threat index in the context of the i-th country, reduced to the dimensionless Harrington-Mencher desirability scale; min ij i Z -the minimum value of the normalized j-th indicator of the information security threat index in the context of the i-th country; max ij i Z -the maximum value of the normalized j-th indicator of the information security threat index in the context of the i-th country.The second type of the curve: S-shaped growth, asymmetric curve with rapid initial growth:(4) …”

mentioning

confidence: 99%

Evaluating the threat to national information security

Yarovenko

2020

Problems and Perspectives in Management

View full text Add to dashboard Cite

An effective strategy for managing the national information security with capabilities to resist information threats significantly impacts its further development. This study aims to assess the level of threat to the information security of countries based on the integral index. It is proposed to use five indicators characterizing individual areas of information security and 37 world development indicators, selected from the World Bank database. Correlation analysis selected 12 out of 37 development indicators relevant to security indicators for which the correlation coefficient exceeded 0.5 or –0.5. The Harrington-Mencher function is proposed to determine the information security threat index. Nonlinear normalization was carried out to bring the initial data to a comparable measurement. Canonical analysis was performed to determine the indicator weights. The data from 159 countries were taken for 2018 to assess the index. The result was presented on the map showing countries’ distribution by the information security threat index, thus forming five groups. The group with a “very well” resistance to threats includes economically developed countries with a high level of information security. The “well” group was formed by new industrial and developing countries with economic potential sufficient to prevent information threats and combat their consequences. The information security level in developing countries, where the results of overcoming information threats will affect the economic sphere, is defined as “acceptable”. Countries with a low level of development and information security formed groups designated as “bad” and “very bad”, which indicates a high level of threats to their information security. AcknowledgmentThis work is carried out with in the tax payer – funded researches: No. 0118U003574 “Cybersecurity in the banking fraud enforcement: protection of financial service consumers and the financial and economic security growth in Ukraine”.

show abstract

Information Security Management: ANP Based Approach for Risk Analysis and Decision Making

Cited by 5 publications

References 8 publications

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

Comparison of Fuzzy Multi-Criteria Decision-Making Methods to Rank Business Strategies and Marketing Resources

Evaluating the threat to national information security

Contact Info

Product

Resources

About