AHP–TOPSIS integration extended with Pythagorean fuzzy sets for information security risk analysis

Risk analysis (RA) contains several methodologies that object to ensure the protection and safety of occupational stakeholders. Multi attribute decision-making (MADM) is one of the most important RA methodologies that is applied to several areas from manufacturing to information technology. With the widespread use of computer networks and the Internet, information security has become very important. Information security is vital as institutions are mostly dependent on information, technology, and systems. This requires a comprehensive and effective implementation of information security RA. Analytic hierarchy process (AHP) and technique for order preference by similarity to ideal solution (TOPSIS) are commonly used MADM methods and recently used for RA. In this study, a new RA methodology is proposed based on AHP–TOPSIS integration extended with Pythagorean fuzzy sets. AHP strengthened by interval-valued Pythagorean fuzzy numbers is used to weigh risk parameters with expert judgment. Then, TOPSIS with Pythagorean fuzzy numbers is used to prioritize previously identified risks. A comparison of the proposed approach with three approaches (classical RA method, Pythagorean fuzzy VIKOR and Pythagorean fuzzy MOORA) is also provided. To illustrate the feasibility and practicality of the proposed approach, a case study for information security RA in corrugated cardboard sector is executed.

[1]  Harish Garg,et al.  Some methods for strategic decision‐making problems with immediate probabilities in Pythagorean fuzzy environment , 2018, Int. J. Intell. Syst..

[2]  Harish Garg,et al.  New exponential operational laws and their aggregation operators for interval‐valued Pythagorean fuzzy multicriteria decision‐making , 2018, Int. J. Intell. Syst..

[3]  Silvia Carpitella,et al.  A combined multi-criteria approach to support FMECA analyses: A real-world case , 2018, Reliab. Eng. Syst. Saf..

[4]  Muhammet Gul,et al.  A fuzzy multi criteria risk assessment based on decision matrix technique: A case study for aluminum industry , 2016 .

[5]  Sohag Kabir,et al.  A fuzzy Bayesian network approach for risk analysis in process industries , 2017 .

[6]  Gülin Feryal Can,et al.  A novel fuzzy risk matrix based risk assessment approach , 2018, Kybernetes.

[7]  Ali Fuat Guneri,et al.  Use of FAHP for Occupational Safety Risk Assessment: An Application in the Aluminum Extrusion Industry , 2017 .

[8]  Harish Garg,et al.  Confidence levels based Pythagorean fuzzy aggregation operators and its application to decision-making process , 2017, Computational and Mathematical Organization Theory.

[9]  Muhammet Gul,et al.  A review of occupational health and safety risk assessment approaches based on multi-criteria decision-making methods and their fuzzy versions , 2018 .

[10]  Özlem Müge Testik,et al.  Analysis of personal information security behavior and awareness , 2016, Comput. Secur..

[11]  M. Gul,et al.  A fuzzy-based model for risk assessment of routes in oil transportation , 2018, International Journal of Environmental Science and Technology.

[12]  Mohammad Reza Hairi Yazdi,et al.  Hybrid Probabilistic Risk Assessment Using Fuzzy FTA and Fuzzy AHP in a Process Industry , 2017, Journal of Failure Analysis and Prevention.

[13]  Harish Garg,et al.  Generalized Pythagorean Fuzzy Geometric Aggregation Operators Using Einstein t‐Norm and t‐Conorm for Multicriteria Decision‐Making Process , 2017, Int. J. Intell. Syst..

[14]  Harish Garg,et al.  A novel accuracy function under interval-valued Pythagorean fuzzy environment for solving multicriteria decision making problem , 2016, J. Intell. Fuzzy Syst..

[15]  Gülin Feryal Can,et al.  An intutionistic approach based on failure mode and effect analysis for prioritizing corrective and preventive strategies , 2018 .

[16]  Per Hasvold,et al.  Risk analysis of information security in a mobile instant messaging and presence system for healthcare , 2007, Int. J. Medical Informatics.

[17]  Luis Alberto Rodríguez-Picón,et al.  MOORA under Pythagorean Fuzzy Set for Multiple Criteria Decision Making , 2018, Complex..

[18]  Jan H. P. Eloff,et al.  A comparative framework for risk analysis methods , 1993, Comput. Secur..

[19]  Ali Fuat Guneri,et al.  Occupational health and safety risk assessment in hospitals: A case study using two-stage fuzzy multi-criteria approach , 2017 .

[20]  Ross J. Anderson Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.

[21]  Ali Fuat Guneri,et al.  A fuzzy AHP methodology for selection of risk assessment methods in occupational safety , 2015 .

[22]  Erkan Celik,et al.  Fuzzy rule-based Fine–Kinney risk assessment approach for rail transportation systems , 2018 .

[23]  Erkan Celik,et al.  Assessment of occupational hazards and associated risks in fuzzy environment: A case study of a university chemical laboratory , 2017 .

[24]  Zeshui Xu,et al.  Extension of TOPSIS to Multiple Criteria Decision Making with Pythagorean Fuzzy Sets , 2014, Int. J. Intell. Syst..

[25]  Selcuk Cebi,et al.  A novel approach to risk assessment for occupational health and safety using Pythagorean fuzzy AHP & fuzzy inference system , 2018 .

[26]  Lazim Abdullah,et al.  Pythagorean fuzzy analytic hierarchy process to multi-criteria decision making , 2017 .

[27]  Yong Qin,et al.  A fuzzy Fine-Kinney-based risk evaluation approach with extended MULTIMOORA method based on Choquet integral , 2018, Comput. Ind. Eng..

[28]  M. Gul,et al.  An occupational risk assessment approach for construction and operation period of wind turbines , 2018 .

[29]  Ali Fuat Guneri,et al.  A new Fine-Kinney-based risk assessment framework using FAHP-FVIKOR incorporation , 2017 .

[30]  Muhammet Gul,et al.  Application of Pythagorean fuzzy AHP and VIKOR methods in occupational health and safety risk assessment: the case of a gun and rifle barrel external surface oxidation and colouring unit , 2018, International journal of occupational safety and ergonomics : JOSE.

[31]  Zhang Yu-qing Survey of information security risk assessment , 2004 .

[32]  Sheng-Yuan Wang,et al.  Survey of Information Security Risk Assessment , 2010, 2010 International Conference on Electrical and Control Engineering.

[33]  Graeme G. Shanks,et al.  A situation awareness model for information security risk management , 2014, Comput. Secur..

[34]  Ana Paula Cabral Seixas Costa,et al.  Information security risk analysis model using fuzzy decision theory , 2016, Int. J. Inf. Manag..

[35]  Suleyman Mete,et al.  Risk assessment for clearing and grading process of a natural gas pipeline project: An extended TOPSIS model with Pythagorean fuzzy sets for prioritizing hazards , 2018, Human and Ecological Risk Assessment: An International Journal.

[36]  Harish Garg,et al.  A New Generalized Pythagorean Fuzzy Information Aggregation Using Einstein Operations and Its Application to Decision Making , 2016, Int. J. Intell. Syst..

[37]  Eric W. T. Ngai,et al.  Fuzzy decision support system for risk analysis in e-commerce development , 2005, Decis. Support Syst..

[38]  Harish Garg,et al.  New logarithmic operational laws and their aggregation operators for Pythagorean fuzzy set and their applications , 2018, Int. J. Intell. Syst..

[39]  Ibrahim Sogukpinar,et al.  ISRAM: information security risk analysis method , 2005, Comput. Secur..

[40]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[41]  Jianping Chen,et al.  A Hybrid Method for Pythagorean Fuzzy Multiple-Criteria Decision Making , 2016, Int. J. Inf. Technol. Decis. Mak..

[42]  Yong Fu,et al.  A risk evaluation and prioritization method for FMEA with prospect theory and Choquet integral , 2018, Safety Science.

[43]  Mohammad A. Khalilzadeh,et al.  Risk evaluation using a novel hybrid method based on FMEA, extended MULTIMOORA, and AHP methods under fuzzy environment , 2018, Safety Science.

[44]  Rita Gamberini,et al.  A fuzzy multi-attribute model for risk evaluation in workplaces. , 2009 .

[45]  Harish Garg,et al.  A Linear Programming Method Based on an Improved Score Function for Interval-Valued Pythagorean Fuzzy Numbers and Its Application to Decision-Making , 2018, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[46]  Erkan Celik,et al.  A hybrid risk-based approach for maritime applications: The case of ballast tank maintenance , 2017 .

[47]  M. Gul,et al.  A comparative outline for quantifying risk ratings in occupational health and safety risk assessment , 2018, Journal of Cleaner Production.

[48]  Ronald R. Yager,et al.  Pythagorean Membership Grades in Multicriteria Decision Making , 2014, IEEE Transactions on Fuzzy Systems.

[49]  Harish Garg,et al.  Linguistic Pythagorean fuzzy sets and its applications in multiattribute decision‐making process , 2018, Int. J. Intell. Syst..

[50]  Janine L. Spears A Holistic Risk Analysis Method for Identifying Information Security Risks , 2004, IICIS.

[51]  Selcuk Cebi,et al.  A new risk assessment approach: Safety and Critical Effect Analysis (SCEA) and its extension with Pythagorean fuzzy sets , 2018, Safety Science.