A VIKOR technique based on DEMATEL and ANP for information security risk control assessment

As companies and organizations have grown to rely on their computer systems and networks, the issue of information security management has become more significant. To maintain their competitiveness, enterprises should safeguard their information and try to eliminate the risk of information being com...

Full description

Saved in:
Bibliographic Details
Published inInformation sciences Vol. 232; pp. 482 - 500
Main Authors Ou Yang, Yu-Ping, Shieh, How-Ming, Tzeng, Gwo-Hshiung
Format Journal Article
LanguageEnglish
Published Elsevier Inc 20.05.2013
Subjects
Analytic network process (ANP)
DEMATEL
Information security
Multiple criteria decision making (MCDM)
Risk control assessment
VIKOR
Analytic network process (ANP)
Risk control assessment
DEMATEL
VIKOR
Multiple criteria decision making (MCDM)
Information security
Online AccessGet full text

Cover

More Information
Summary:As companies and organizations have grown to rely on their computer systems and networks, the issue of information security management has become more significant. To maintain their competitiveness, enterprises should safeguard their information and try to eliminate the risk of information being compromised or reduce this risk to an acceptable level. This paper proposes an information security risk-control assessment model that could improve information security for these companies and organizations. We propose an MCDM model combining VIKOR, DEMATEL, and ANP to solve the problem of conflicting criteria that show dependence and feedback. In addition, an empirical application of evaluating the risk controls is used to illustrate the proposed method. The results show that our proposed method can be effective in helping IT managers validate the effectiveness of their risk controls.
ISSN:0020-0255
1872-6291
DOI:10.1016/j.ins.2011.09.012