Risk Factor Assessment Improvement for China's Cloud Computing Auditing Using a New Hybrid MADM Model

With the rapid growth of modern technology in all facets of trade and industry, traditional auditing systems can no longer meet today’s ever-increasing technological requirements; contemporary auditing is in urgent need of straightforward and quick cloud computing services to meet the needs of auditors. In keeping with current trends, auditors must be provided with the means of using data and auditing information stored in cloud systems for more efficient and elastic auditing. However, the risks involved in cloud computing auditing are widespread and complex. Dimensions should be established, a mutually influential relationship used to delineate the influence weights of the dimensions and criteria should be determined. To this end, a Multiple Attribute Decision Making (MADM) model can precisely solve multi-criteria problems simultaneously. Therefore, the main focus of this study is to determine how to assess and establish the best improvement strategies to achieve the aspiration level for cloud auditing risk factors, by using the opinions and practical experience of China’s accounting experts, applied with a Decision-Making Trial and Evaluation Laboratory (DEMATEL) technique, DEMATEL-based ANP (DANP) and modified VIKOR method. The results provide cloud auditing risks with a knowledge-based understanding of the problem sources in order to establish the best improvement strategies for reducing risk-auditing performance gaps and attaining the aspiration levels. Based on the degree of impact of the dimensions/criteria on an Influence Network Relation Map (INRM), improvements should be prioritized as follows: system operations, technology risks, identity and access management and data protection.

[1]  Gwo-Hshiung Tzeng,et al.  Multicriteria selection for a restaurant location in Taipei , 2002 .

[2]  Alan T. Sherman,et al.  Design and Implementation of FROST - Digital Forensic Tools for the OpenStack Cloud Computing Platform , 2016 .

[3]  Hongyang Yan,et al.  Server-aided anonymous attribute-based authentication in cloud computing , 2015, Future Gener. Comput. Syst..

[4]  Gwo-Hshiung Tzeng,et al.  A fuzzy integral-based model for supplier evaluation and improvement , 2014, Inf. Sci..

[5]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[6]  H. Simon,et al.  A Behavioral Model of Rational Choice , 1955 .

[7]  Hassan Rasheed,et al.  Data and infrastructure security auditing in cloud computing environments , 2014, Int. J. Inf. Manag..

[8]  Kunihiko Hiraishi,et al.  Improving reliability in management of cloud computing infrastructure by formal methods , 2014, 2014 IEEE Network Operations and Management Symposium (NOMS).

[9]  Gang Kou,et al.  Enhancing data consistency in decision matrix: Adapting Hadamard model to mitigate judgment contradiction , 2014, Eur. J. Oper. Res..

[10]  Jinzhu Kong,et al.  AdjointVM: a new intrusion detection model for cloud computing , 2011 .

[11]  H. Simon,et al.  Rational choice and the structure of the environment. , 1956, Psychological review.

[12]  Young-Jou Lai,et al.  Fuzzy Multiple Objective Decision Making , 2016 .

[13]  LinLin Shen,et al.  Differentiated security levels for personal identifiable information in identity management system , 2011, Expert Syst. Appl..

[14]  Hongcan Yan,et al.  Research on Key Technologies of Cloud Computing , 2012 .

[15]  Yi Mu,et al.  On the security of auditing mechanisms for secure cloud storage , 2014, Future Gener. Comput. Syst..

[16]  Yi Peng,et al.  Evaluation of clustering algorithms for financial risk analysis using MCDM methods , 2014, Inf. Sci..

[17]  Gwo-Hshiung Tzeng,et al.  New hybrid COPRAS-G MADM Model for improving and selecting suppliers in green supply chain management , 2016 .

[18]  Yi Mu,et al.  Identity-based data storage in cloud computing , 2013, Future Gener. Comput. Syst..

[19]  Ahsan Arefin,et al.  CloudInsight: Shedding Light on the Cloud , 2011, 2011 IEEE 30th International Symposium on Reliable Distributed Systems.

[20]  Cheng-Wei Lin,et al.  Multi-criteria analysis of alternative-fuel buses for public transportation , 2005 .

[21]  Gwo-Hshiung Tzeng,et al.  Improving tourism policy implementation – The use of hybrid MCDM models , 2012 .

[22]  Doan B. Hoang,et al.  Adaptive Data Replicas Management Based on Active Data-centric Framework in Cloud Environment , 2013, 2013 IEEE 10th International Conference on High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing.

[23]  Dale Young Access Management: Human Resources have a vital role to play within employee identity and access management , 2004 .

[24]  Zhixiong Chen,et al.  IT Auditing to Assure a Secure Cloud Computing , 2010, 2010 6th World Congress on Services.

[25]  David C. Chou,et al.  Cloud computing risk and audit issues , 2015, Comput. Stand. Interfaces.

[26]  Sandeep K. Sood,et al.  A combined approach to ensure data security in cloud computing , 2012, J. Netw. Comput. Appl..

[27]  Gwo-Hshiung Tzeng,et al.  Fuzzy Multicriteria Model for Postearthquake Land-Use Planning , 2003 .

[28]  Gwo-Hshiung Tzeng,et al.  Comments on “Multiple criteria decision making (MCDM) methods in economics: an overview” , 2012 .

[29]  Man-tak Shing,et al.  A Cloud Computing Application for Synchronized Disaster Response Operations , 2011, 2011 IEEE World Congress on Services.

[30]  Zhiqiang Zhan,et al.  Incident management process for the cloud computing environments , 2011, 2011 IEEE International Conference on Cloud Computing and Intelligence Systems.

[31]  Yang Chen,et al.  Pairwise comparison matrix in multiple criteria decision making , 2016 .

[32]  Gwo-Hshiung Tzeng,et al.  Evaluating the Enhancement of Corporate Social Responsibility Websites Quality Based on a New Hybrid MADM Model , 2015, Int. J. Inf. Technol. Decis. Mak..

[33]  Xiaolei Dong,et al.  Security and privacy for storage and computation in cloud computing , 2014, Inf. Sci..

[34]  Murat Kantarcioglu,et al.  Towards Data Confidentiality and a Vulnerability Analysis Framework for Cloud Computing , 2014, Secure Cloud Computing.

[35]  Gwo-Hshiung Tzeng,et al.  Improving RFID adoption in Taiwan's healthcare industry based on a DEMATEL technique with a hybrid MCDM model , 2013, Decis. Support Syst..

[36]  Dong Hyun Jeong,et al.  An integrated framework for managing sensor data uncertainty using cloud computing , 2013, Inf. Syst..

[37]  Siani Pearson,et al.  A Metamodel for Measuring Accountability Attributes in the Cloud , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[38]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[39]  Gwo-Hshiung Tzeng,et al.  Evaluating the implementation of business-to-business m-commerce by SMEs based on a new hybrid MADM model , 2015 .

[40]  Ulrich Lang,et al.  OpenPMF SCaaS: Authorization as a Service for Cloud & SOA Applications , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[41]  Sebastien Goasguen,et al.  Virtual Organization Clusters: Self-provisioned clouds on the grid , 2010, Future Gener. Comput. Syst..

[42]  Jinjun Chen,et al.  CCBKE - Session key negotiation for fast and secure scheduling of scientific applications in cloud computing , 2013, Future Gener. Comput. Syst..

[43]  Jason Goode The importance of identity security , 2012 .

[44]  Gwo-Hshiung Tzeng,et al.  Compromise solution by MCDM methods: A comparative analysis of VIKOR and TOPSIS , 2004, Eur. J. Oper. Res..

[45]  Fu-Hsiang Chen,et al.  Application of a new DEMATEL to explore key factors of China’s corporate social responsibility: evidence from accounting experts , 2015 .

[46]  Gwo-Hshiung Tzeng,et al.  Multicriteria Planning of Post‐Earthquake Sustainable Reconstruction , 2002 .

[47]  Gwo-Hshiung Tzeng,et al.  A VIKOR technique based on DEMATEL and ANP for information security risk control assessment , 2013, Inf. Sci..

[48]  Stephen S. Yau,et al.  Efficient audit service outsourcing for data integrity in clouds , 2012, J. Syst. Softw..

[49]  Fu-Hsiang Chen,et al.  Probing Organization Performance Using a New Hybrid Dynamic MCDM Method Based on the Balanced Scorecard Approach , 2015 .

[50]  Cong Wang,et al.  Dynamic Data Operations with Deduplication in Privacy-Preserving Public Auditing for Secure Cloud Storage , 2017, 22017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC).

[51]  Thomas L. Morin,et al.  Multi-Attribute Decision Making in a Bidding Game with Imperfect Information and Uncertainty , 2016, Int. J. Inf. Technol. Decis. Mak..

[52]  Ahmed Patel,et al.  An intrusion detection and prevention system in cloud computing: A systematic review , 2013, J. Netw. Comput. Appl..

[53]  Gang Kou,et al.  A cosine maximization method for the priority vector derivation in AHP , 2014, Eur. J. Oper. Res..

[54]  Gwo-Hshiung Tzeng,et al.  New Hybrid Multiple Attribute Decision-Making Model for Improving Competence Sets: Enhancing a Company's Core Competitiveness , 2016 .

[55]  Yi Peng,et al.  Evaluation of Classification Algorithms Using MCDM and Rank Correlation , 2012, Int. J. Inf. Technol. Decis. Mak..

[56]  Ching-Lai Hwang,et al.  Fuzzy Multiple Attribute Decision Making - Methods and Applications , 1992, Lecture Notes in Economics and Mathematical Systems.

[57]  Serafim Pricovic,et al.  Multi‐criteria model for post‐earthquake land‐use planning , 2002 .

[58]  James J.H. Liou,et al.  New concepts and trends of MCDM for tomorrow – in honor of Professor Gwo-Hshiung Tzeng on the occasion of his 70th birthday , 2013 .

[59]  David Woodliff,et al.  The Moral Intensity of Reduced Audit Quality Acts , 2008 .

[60]  Cath Everett Identity and Access Management: the second wave , 2011 .

[61]  John J. Rehr,et al.  A high performance scientific cloud computing environment for materials simulations , 2012, Comput. Phys. Commun..

[62]  Thomas L. Saaty,et al.  Decision making with dependence and feedback : the analytic network process : the organization and prioritization of complexity , 1996 .

[63]  Fu-Hsiang Chen,et al.  Application of a hybrid dynamic MCDM to explore the key factors for the internal control of procurement circulation , 2015 .

[64]  Dan Jerker B. Svantesson Data protection in cloud computing - The Swedish perspective , 2012, Comput. Law Secur. Rev..

[65]  G. Tzeng,et al.  Improving Corporate Governance Effects on an Enterprise Crisis Based on a New Hybrid DEMATEL with the MADM Model , 2015 .

[66]  Gwo-Hshiung Tzeng,et al.  Multicriteria analysis of environmental quality in Taipei: public preferences and improvement strategies. , 2002, Journal of environmental management.

[67]  Travis Spencer Identity in the cloud , 2012 .

[68]  Gwo-Hshiung Tzeng,et al.  A hybrid dynamic MADM model for problem-improvement in economics and business , 2013 .

[69]  Roberto Di Pietro,et al.  Secure virtualization for cloud computing , 2011, J. Netw. Comput. Appl..

[70]  Gwo-Hshiung Tzeng,et al.  Extended VIKOR method in comparison with outranking methods , 2007, Eur. J. Oper. Res..

[71]  Ogan Yigitbasioglu,et al.  External auditors' perceptions of cloud computing adoption in Australia , 2015, Int. J. Account. Inf. Syst..