nach oben

Information Systems and e-Business Management

Erschienen in:

01.02.2016 | Original Article

Ranking information security controls by using fuzzy analytic hierarchy process

verfasst von: Hamid Khajouei, Mehdi Kazemi, Seyed Hamed Moosavirad

Erschienen in: Information Systems and e-Business Management | Ausgabe 1/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Information security can be achieved by implementing a set of appropriate controls. However, identifying and selecting the most effective information security controls in organizations have been major challenges for years. Although many studies have been done to address these challenges, there is still lack of research to rank these controls. In this study, a fuzzy Analytic Hierarchy Process was used to prioritize and select effective managerial domains and control objectives in information security controls. In this research, the process of implementing ISO 27001 Information Security in National Iranian Oil Products Distribution Company was selected. According to results, the access control, information systems acquisition, development and maintenance have the highest priorities among the information security controls in managerial domains. On the other hand, the business continuity management and asset management have the lowest priorities among the studied information security controls. Furthermore, it was found that among 39 control objectives, the user access management and third party service delivery management have the highest and lowest priorities, respectively.

Nächster Artikel Feeling leads to believing: a Kansei-based approach to explore website users’ purchase intention in the travel agency sector

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Alberts Ch, Dorofee A (2002) Managing information security risks: the OCTAVE (SM) approach. Addison-Wesley Professional, Boston

Barnard L, Von Solms R (2000) A formalized approach to the effective selection and evaluation of information security next term controls. Comput Secur 19(2):185–194. doi:10.1016/S0167-4048(00)87829-3 CrossRef

Chang DY (1996) Applications of extent analysis method on fuzzy AHP. Eur J Op Res 95:649–655. doi:10.1016/0377-2217(95)00300-2 CrossRef

Da Veiga A, Eloff JHP (2007) An information security governance framework. Inf Syst Manag 24(4):361–372. doi:10.1080/10580530701586136 CrossRef

Dhillon G, Torkzadeh G (2006) Value-focused assessment of information system security in organizations. Inf Syst 16(3):293–314. doi:10.1111/j.1365-2575.2006.00219.x CrossRef

Economic Abrar (2008) Europe Union secure organization calls for reform of data protection laws. Abrar economic, financial Abrar, pp 12–13

Goldstein A, Frank U (2015) Components of a multi-perspective modeling method for designing and managing IT security systems. DOI, Inf Syst E-Bus Manag. doi:10.1007/s10257-015-0276-5

Harmer G (2014) Governance of enterprise IT based on COBIT 5: a management guide. IT Governance Ltd

Institute of Standards and Industrial Research of Iran (2007) Information technology—security techniques—management of information and communications technology security, part I, concepts and models for information and communications technology security management. Tehran, Iran

International Standard Organization (2005) ISO/IEC17799—information technology-security technics—code of practice for information security management. Geneva

International Standard Organization (2005) ISO 27001-2005: information technology—security techniques—information security management systems—requirements. Geneva

Killmeyer J (2006) Information security architecture: an integrated approach to security in the organization. Auerbach Publications

Kwon S, Jang S, Lee J, Kim S (2007) Common defects in information security management system of Korean companies. J Syst Softw 80(10):1631–1638. doi:10.1016/j.jss.2007.01.015 CrossRef

Office of Government Commerce (2009) ITIL V3 foundation handbook. The Stationery Office

Otero AR, Otero CE, Qureshi A (2010) A multi-criteria evaluation of information security controls using boolean features. Int J Netw Secur Appl 2(4):34–45. doi:10.5121/ijnsa.2010.2401

Persse JR (2001) Implementing the capability maturity model. Wiley, London

Saaty T (1988) Mathematical models for decision support. Springer, Berlin

Saint-Germain R (2005) Information security management best practice based on ISO/IEC 17799. Inf Manag J 39(4):60–66

Scott J (2004) Measuring dimensions of perceived e-business risks. IseB 2:31–55. doi:10.1007/s10257-003-0026-y CrossRef

Shuai R, De-jun M, Ling-bo Z (2006) Model of information security evaluation based on gray analytical hierarchy process. J Comput Appl 6:223–236

Systems Groups (2011) Today’s new technologies, tomorrow development tools. Retrieved 12 July, 2011, from http://www.sgnec.net/pages/services/security/isms.aspx

Van der Haar H, Von Solms R (2003) A model for deriving information security controls attributeprofiles. Comput Secur 22(3):233–244. doi:10.1016/S0167-4048(03)00311-0 CrossRef

Von Solms R, Van der Haar H, Von Solms SH, Caelli WJ (1994) A framework for information security evaluation. Inf Manag 26(3):143–153. doi:10.1016/0378-7206(94)90038-8 CrossRef

Zhou Y. S, Wang Y. Z (2011) A multi-criteria evaluation method of information security controls. Fourth international joint conference on computational science and optimization. doi:10.1109/CSO.2011.43

Titel: Ranking information security controls by using fuzzy analytic hierarchy process
verfasst von: Hamid Khajouei
Mehdi Kazemi
Seyed Hamed Moosavirad
Publikationsdatum: 01.02.2016
Verlag: Springer Berlin Heidelberg
Erschienen in: Information Systems and e-Business Management / Ausgabe 1/2017
Print ISSN: 1617-9846
Elektronische ISSN: 1617-9854
DOI: https://doi.org/10.1007/s10257-016-0306-y

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2017

Factors influencing adoption of e-payment systems: an empirical study on Iranian customers

Learning to evaluate and recommend query in restaurant search systems

Exploring gender differences in acceptance of mobile computing devices among college students

Feeling leads to believing: a Kansei-based approach to explore website users’ purchase intention in the travel agency sector

Gender classification of microblog text based on authorial style

StockProF: a stock profiling framework using data mining approaches

Premium Partner