| Summary: | This study deals with the problem of prioritization of Information Security Controls where most organizations aim to address and manage them effectively. Current information security analysis methods lack a quantitative approach and mostly depend on subjective judgments of information security experts.Although, expert opinions assist organizations in measuring the effectiveness of security controls, the subjective judgments may yield different results.Hence, a more objective approach that can be quantified is an alternative.This study implements multiple attribute decision-making concepts for prioritizing and selecting security controls using Hierarchical Adaptive Weighting (HAW) and Simple Adaptive Weighting (SAW).The results of these analysis methods are reported and compared.
|
|---|