A Systematic Literature Review on the Application of Multicriteria Decision Making Methods for Information Security Risk Assessment

Authors: D. Macek, Ivan Magdalenic, Nina Begičević Ređep
Journal: International Journal of Safety and Security Engineering
Received: 12 January 2020
Accepted: 26 March 2020

Abstract: In today's fast, agile, complex and interconnected business world, one of the main goals and concerns is to find an efficient and effective way of managing information security risks. One such means is the use of multicriteria decision-making techniques for this purpose. The vast majority of research begins with some form of literature review. Thus, the review of the literature must be done thoroughly and impartially in order to obtain…

A Model for the Evaluation of Critical IT Systems Using Multicriteria Decision-Making with Elements for Risk Assessment

A hybrid multicriteria model for the evaluation of critical IT systems where the elements for risk analysis and assessment are used as evaluation criteria and the main advantage of the new model is its use of generic criteria for risk assessment.

Assessing Security Risks Method in E-Commerce System for IT Portfolio Management

The authors propose the prediction of the results of massive risk trials in e-commerce systems and the allowable residual levels of risk and the feasibility of using the specific security options.

Design of coordination contract for quality control-based supply chain under consumer balking behavior with fuzzy environment

  • C. Lan
  • Business
  • J. Intell. Fuzzy Syst.
  • 2021
The research results show that the QC-based SC under the CBB cannot be coordinated by wholesale price contract alone, but can be coordinated perfectly by this contract when the retailer shares the quality effort and the manufacturer shares the oversupply cost.

Safeguarding Information in Service Science with Service Integration

The possibility to manage both data protection and cyber security through an information security integrated management service (ISIMS), as a possible evolution of the common organizational separation between their respective domains, namely Legal and IT is discussed.

An empirical study of factors influencing entrepreneurship using fuzzy logic: Based on provincial panel data

The empirical results show that regional financial development level, agglomeration effect, technological innovation ability, government support and so on have a positive role in promoting the level of entrepreneurship, while the urban unemployment rate has no significant effect on the level of entrepreneurship.

Pre-Evaluation of Industrialization Project of Local Science and Technology Achievements Based on FAHP

In order to build a scientific pre-evaluation system for the industrialization of local science and technology (sci-tech) achievements, based on the analysis of the characteristics and laws of the

Qualitative and Quantitative Characteristics Analysis for Information Security Risk Assessment in E-Commerce Systems

The article analyses the concept of information in the aspect of property rights object and investigates threats to information security in electronic commerce systems based on systematic attacks series frequency analysis on the system.

Network Modelling of Resource Consumption Intensities in Human Capital Management in Digital Business Enterprises by the Critical Path Method

The article analyses the resource consumption intensities in human capital management in digital business enterprises by the critical path method. The article provides a critical review of the use of

Construction and Application of the Online Finance Credit Risk Rating Model Based on the Artificial Neural Network

Improved neural network technology was applied to the credit risk rating of online finance, and the backpropagation neural network (BPNN) was improved for online finance credit risk rating.

Enhancement Strategies for Classroom Teaching Effect of Professional Art Education

In professional art education, it is a great challenge to improve the classroom teaching effect. To cope with the challenge, this paper identifies the factors affecting the classroom teaching effect

Evaluation maturity index and risk management for it governance using Fuzzy AHP and Fuzzy TOPSIS (case Study Bank XYZ)

  • Uky Yudatama, R. Sarno
  • Business
  • 2015 International Seminar on Intelligent Technology and Its Applications (ISITIA)
  • 2015
Fuzzy theory helps in measuring the concept of uncertainty related to humans, which is subjective when a decision maker expresses structured preferences; two fuzzy applications are used, namely fuzzy AHP to determine the weights of the specified criteria and fuzzy TOPSIS to rank the selected alternatives.

Identifying and Analyzing Risks and Responses for Risk Management in Information Technology Outsourcing Projects Under Fuzzy Environment

Results show that the risk factor "Supplier's lack of expertise with an IT operation" is the most significant and the best response for this factor, is "Review of monetary value and volume of suppliers' contracts prior to their selection" according to experts' point of view.

Analytical Hierarchy Process Approach for the Metrics of Information Security Management Framework

  • Michael N. Moeti, B. M. Kalema
  • Computer Science, Business
  • 2014 Sixth International Conference on Computational Intelligence, Communication Systems and Networks
  • 2014
The study indicated that environmental metrics play a critical role in information security management compared with other metrics, whereas the information and risk management metrics were found to be not so significant in the rankings.

A Multiple Attribute Decision Making for Improving Information Security Control Assessment

It is argued that evaluating ISC by using TOPSIS leads to a cost-effective analysis and an efficient assessment in terms of testing and selecting ISCs in organizations.

A hybrid dynamic decision making methodology for defensive information technology contingency measure selection in the presence of cyber threats

The application of a simulation-based hybrid analytic dynamic forecasting methodology, which combines the techniques of analytic hierarchy process, factor analysis, and spanning tree, to the problem of selecting among a set of contingency measures following events which place the organizational mission at risk is presented.

A systematic review of information security risk assessment

A systematic review of over 80 research papers published between 2004 and 2014 is presented, to construct a classification of these published papers into seven types, which aims to help researchers obtain a clear and unbiased picture of the terminology, developments and trends of information security risk assessment in the academic sector.

Risk analysis of IT applications using FMEA and AHP SAW method with COBIT 5

The method analyzes IT application risk using FMEA and AHP SAW with COBIT 5.0 to show which risks most affect the course of business processes.

Incident prioritisation using analytic hierarchy process (AHP): Risk Index Model (RIM)

An incident prioritisation model, the Risk Index Model (RIM), which is based on risk assessment and the analytic hierarchy process is proposed, which shows that 100% of incidents could be rated with RIM, compared with only 17.23% with the Common Vulnerability Scoring System.