Information Security Risk Analysis Methods and Research Trends: AHP and Fuzzy Comprehensive Method

Lee, Ming Chang

doi:10.5121/ijcsit.2014.6103

Cited by 33 publications

(7 citation statements)

References 31 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, this literature research has revealed that there is a trend of developing hybrid models for risk analysis and assessment, and for deciding on the state of security or choosing an appropriate information system by using multicriteria decision-making (specifically indicated in the studies [38,43]), which is actually a logical phenomenon of interdisciplinarity in conducting researches as information security risk management is necessarily integrated into other business domains, and thus becoming one of the top priority activities in protecting the assets and operations of each modern organization.…”

Section: Discussion and Recommendationsmentioning

confidence: 99%

“…Also, the AHP model for classification of information assets is presented, taking into account the already mentioned risk assessment factors as evaluation criteria, but the paper does not specify to which exact information systems the proposed model would be applied and no necessary (inherent) interdependencies defined between risk assessment factors (which is actually a drawback of the AHP itself). Lee [43] proposes identical risk analysis factors as in the paper [42], except that for each of the 4 criteria in the AHP certain additional sub-criteria are also defined. E.g.…”

Section: Analysis Of Papersmentioning

confidence: 99%

“…data, software, hardware, attacks on the network environment, etc. ), but unlike [42,43] also considering the impact relationships between the elements of risk assessment and the uncertainty created by the security and privacy risk assessment process itself, and thus proposes a new security and privacy risk assessment model for an information system based on DEMATEL method and the ANP combined with a gray system theory.…”

Section: Analysis Of Papersmentioning

confidence: 99%

See 2 more Smart Citations

A Systematic Literature Review on the Application of Multicriteria Decision Making Methods for Information Security Risk Assessment

Maček¹,

Magdalenić²,

Ređep³

2020

IJSSE

View full text Add to dashboard Cite

In today's fast, agile, complex and interconnected business world, one of the main goals and concerns is to find an efficient and effective way of managing information security risks. So, one of the means is usage of multicriteria decision-making techniques for such purposes. The vast majority of research begins with some form of literature review. Thus, the review of the literature must be done thoroughly and impartially in order to obtain certain scientific value. This paper provides a systematic literature review (SLR) of relevant and recent literature from both research domains, namely information security risk management and multicriteria decision-making, identifying the standards, methods, techniques and tools that are considered to be the most relevant in the research areas observed. The main purpose of the paper is to discover complementary ISRA and MCDM methods that could be used as a basis to create a new hybrid model for more efficient evaluation of critical IT solutions. The related context, main goals, review methods, relevant results of each research phase along with the findings, papers' analysis, recommendations and conclusions are all given in this review article in order to fully comply with the SLR requirements.

show abstract

Section: Discussion and Recommendationsmentioning

confidence: 99%

Section: Analysis Of Papersmentioning

confidence: 99%

Section: Analysis Of Papersmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Literature Review on the Application of Multicriteria Decision Making Methods for Information Security Risk Assessment

Maček¹,

Magdalenić²,

Ređep³

2020

IJSSE

View full text Add to dashboard Cite

show abstract

“…More generally, this is a multicriteria decision-making (MCDM) problem, and a review of the literature highlights a significant application of MCDM in the context of risk assessment, as well as a need for a new hybrid model with the integration of information security elements [37]. There is a trend of research in hybrid models for risk analysis and assessment [38,39], implying interdisciplinarity in conducting researches, and consequently integration with other business domains.…”

Section: Information Security Elements In Service Sciencementioning

confidence: 99%

Safeguarding Information in Service Science with Service Integration

2021

View full text Add to dashboard Cite

Service Science can be described through information, that underpins knowledge as enabler of service value chain. Therefore data, as a part of information, is a basic asset of the service market where undertakings constantly face high competition and try to protect such assets from malicious attackers. Information as to be preserved also for regulatory constraints, and traditional organizational models can have limits in doing so. In this paper it is discussed the possibility to manage both data protection and cyber security through an information security integrated management service (ISIMS). In fact, as per other cross-functional knowledge, information security and data privacy compliance can be managed via an integrated approach, as a possible evolution of the common organizational separation between their respective domains, namely Legal and IT. Moreover, this paper identifies major areas of benefits as well as current lack of integrated systems for information safeguard in Service Science.

show abstract

“…For example, Ming-Chang Lee has used sets during management of security risk. 24 Dark et al 25 have applied the fuzzy set theory that evaluates the cost and time performance, security risk management and utilization of healthcare web application development scheme. Shedden et al 26 utilized the structure of security risk for qualitative assessment of security risk of healthcare web application.…”

Section: Related Workmentioning

confidence: 99%

<p>Security Risk Assessment of Healthcare Web Application Through Adaptive Neuro-Fuzzy Inference System: A Design Perspective</p>

Kaur¹,

Khan²,

Abushark³

et al. 2020

RMHP

View full text Add to dashboard Cite

Introduction:The imperative need for ensuring optimal security of healthcare web applications cannot be overstated. Security practitioners are consistently working at improvising on techniques to maximise security along with the longevity of healthcare web applications. In this league, it has been observed that assessment of security risks through soft computing techniques during the development of web application can enhance the security of healthcare web applications to a great extent. Methods: This study proposes the identification of security risks and their assessment during the development of the web application through adaptive neuro-fuzzy inference system (ANFIS). In this article, firstly, the security risk factors involved during healthcare web application development have been identified. Thereafter, these security risks have been evaluated by using the ANFIS technique. This research also proposes a fuzzy regression model. Results:The results have been compared with those of ANFIS, and the ANFIS model is found to be more acceptable for the estimation of security risks during the healthcare web application development. Conclusion:The proposed approach can be applied by the healthcare web application developers and experts to avoid the security risk factors during healthcare web application development for enhancing the healthcare data security.

show abstract

Information Security Risk Analysis Methods and Research Trends: AHP and Fuzzy Comprehensive Method

Abstract: ABSTRACT

Cited by 33 publications

References 31 publications

A Systematic Literature Review on the Application of Multicriteria Decision Making Methods for Information Security Risk Assessment

A Systematic Literature Review on the Application of Multicriteria Decision Making Methods for Information Security Risk Assessment

Safeguarding Information in Service Science with Service Integration

<p>Security Risk Assessment of Healthcare Web Application Through Adaptive Neuro-Fuzzy Inference System: A Design Perspective</p>

Contact Info

Product

Resources

About