A multiple attribute decision making for improving information security control assessment
Information security control assessment provides a comprehensive control analysis approach to assist an organization in measuring the effectiveness of its current and planned security controls.ISO/IEC 27005 is a risk management framework that can manage and treat risks in organizations.However, ISO...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Foundation of Computer Science
2014
|
| Subjects: | |
| Online Access: | https://repo.uum.edu.my/id/eprint/12243/1/pxc.pdf |
| _version_ | 1825802974661705728 |
|---|---|
| author | Al-Safwani, Nadher Hassan, Suhaidi Katuk, Norliza |
| author_facet | Al-Safwani, Nadher Hassan, Suhaidi Katuk, Norliza |
| author_sort | Al-Safwani, Nadher |
| collection | UUM |
| description | Information security control assessment provides a comprehensive control analysis approach to assist an organization in measuring the effectiveness of its current and
planned security controls.ISO/IEC 27005 is a risk management framework that can manage and treat risks in organizations.However, ISO/IEC 27005 does not define a clear guideline on how to select and prioritize information
security control despite the need for an efficient security analysis method.The ISO 27005 framework mostly depends on subjective judgment and qualitative approaches for
security control analysis.This paper aims to improve the ISC analysis method by proposing the concept of multiple attribute decision making to provide clear guidelines in solving these issues.Order performance by similarity to ideal solution (TOPSIS) method was utilized to determine the critical vulnerable controls on the basis of different evaluation
criteria.We argue that evaluating ISC by using TOPSIS leads to a cost-effective analysis and an efficient assessment in
terms of testing and selecting ISCs in organizations. |
| first_indexed | 2024-07-04T05:49:22Z |
| format | Article |
| id | uum-12243 |
| institution | Universiti Utara Malaysia |
| language | English |
| last_indexed | 2024-07-04T05:49:22Z |
| publishDate | 2014 |
| publisher | Foundation of Computer Science |
| record_format | eprints |
| spelling | uum-122432016-04-28T01:05:26Z https://repo.uum.edu.my/id/eprint/12243/ A multiple attribute decision making for improving information security control assessment Al-Safwani, Nadher Hassan, Suhaidi Katuk, Norliza QA76 Computer software Information security control assessment provides a comprehensive control analysis approach to assist an organization in measuring the effectiveness of its current and planned security controls.ISO/IEC 27005 is a risk management framework that can manage and treat risks in organizations.However, ISO/IEC 27005 does not define a clear guideline on how to select and prioritize information security control despite the need for an efficient security analysis method.The ISO 27005 framework mostly depends on subjective judgment and qualitative approaches for security control analysis.This paper aims to improve the ISC analysis method by proposing the concept of multiple attribute decision making to provide clear guidelines in solving these issues.Order performance by similarity to ideal solution (TOPSIS) method was utilized to determine the critical vulnerable controls on the basis of different evaluation criteria.We argue that evaluating ISC by using TOPSIS leads to a cost-effective analysis and an efficient assessment in terms of testing and selecting ISCs in organizations. Foundation of Computer Science 2014-03 Article PeerReviewed application/pdf en https://repo.uum.edu.my/id/eprint/12243/1/pxc.pdf Al-Safwani, Nadher and Hassan, Suhaidi and Katuk, Norliza (2014) A multiple attribute decision making for improving information security control assessment. International Journal of Computer Applications, 89 (3). pp. 19-24. ISSN 0975-8887 http://dx.doi.org/10.5120/15482-4222 doi:10.5120/15482-4222 doi:10.5120/15482-4222 |
| spellingShingle | QA76 Computer software Al-Safwani, Nadher Hassan, Suhaidi Katuk, Norliza A multiple attribute decision making for improving information security control assessment |
| title | A multiple attribute decision making for improving information security control assessment |
| title_full | A multiple attribute decision making for improving information security control assessment |
| title_fullStr | A multiple attribute decision making for improving information security control assessment |
| title_full_unstemmed | A multiple attribute decision making for improving information security control assessment |
| title_short | A multiple attribute decision making for improving information security control assessment |
| title_sort | multiple attribute decision making for improving information security control assessment |
| topic | QA76 Computer software |
| url | https://repo.uum.edu.my/id/eprint/12243/1/pxc.pdf |
| work_keys_str_mv | AT alsafwaninadher amultipleattributedecisionmakingforimprovinginformationsecuritycontrolassessment AT hassansuhaidi amultipleattributedecisionmakingforimprovinginformationsecuritycontrolassessment AT katuknorliza amultipleattributedecisionmakingforimprovinginformationsecuritycontrolassessment AT alsafwaninadher multipleattributedecisionmakingforimprovinginformationsecuritycontrolassessment AT hassansuhaidi multipleattributedecisionmakingforimprovinginformationsecuritycontrolassessment AT katuknorliza multipleattributedecisionmakingforimprovinginformationsecuritycontrolassessment |