A Model for the Evaluation of Critical IT Systems Using Multicriteria Decision-Making with Elements for Risk Assessment

One of the important objectives and concerns today is to find efficient means to manage the information security risks to which organizations are exposed. Due to a lack of necessary data and time and resource constraints, very often it is impossible to gather and process all of the required informat...

Full description

Saved in:
Bibliographic Details
Published inMathematics (Basel) Vol. 9; no. 9; p. 1045
Main Authors Maček, Davor, Magdalenić, Ivan, Begičević Ređep, Nina
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 01.05.2021
Subjects
criteria dependence
critical IT systems
Decision making
Evaluation
Financial institutions
hybrid model
Information management
information security
Information systems
Iterative methods
Mathematics
multicriteria decision-making
Multiple criterion
Online banking
Ranking
Risk analysis
Risk assessment
Security
Security management
Online AccessGet full text

Cover

More Information
Summary:One of the important objectives and concerns today is to find efficient means to manage the information security risks to which organizations are exposed. Due to a lack of necessary data and time and resource constraints, very often it is impossible to gather and process all of the required information about an IT system in order to properly assess it within an acceptable timeframe. That puts the organization into a state of increased security risk. One of the means to solve such complex problems is the use of multicriteria decision-making methods that have a strong mathematical foundation. This paper presents a hybrid multicriteria model for the evaluation of critical IT systems where the elements for risk analysis and assessment are used as evaluation criteria. The iterative steps of the design science research (DSR) methodology for development of a new multicriteria model for the objectives of evaluation, ranking, and selection of critical information systems are delineated. The main advantage of the new model is its use of generic criteria for risk assessment instead of redefining inherent criteria and calculating related weights for each individual IT system. That is why more efficient evaluation, ranking, and decision-making between several possible IT solutions can be expected. The proposed model was validated in a case study of online banking transaction systems and could be used as a generic model for the evaluation of critical IT systems.
ISSN:2227-7390
2227-7390
DOI:10.3390/math9091045