FAHP-TOPSIS risks ranking models in ISMS

One of the main features of an information security management system (ISMS), which should be performed according to the organization's requirements, is information security risk management. Risk evaluation and risk ranking are key procedures in this management activity. This research introduces a new method for ranking information security risks that uses two decision-making models, TOPSIS and AHP, in a fuzzy environment. Comparing test results of the new FAHP-TOPSIS model with those of the FAHP model shows that the average weights of the new model have increased dramatically, with a smaller error ratio, and that the new model provides more precise results.
