Multicriteria Evaluation and Sensitivity Analysis on Information Security

Information security plays a significant role in today's information society. The increasing number and impact of cyber attacks on information assets have raised awareness among managers that an attack on information is actually an attack on the organization itself. Unfortunately, a specific model for information security evaluation at management level is still not well defined. In this study, decision analysis based on the Ternary Analytic Hierarchy Process (T-AHP) is proposed as a novel model to aid managers who are responsible for making strategic evaluations related to information security issues. In addition, sensitivity analysis is applied to extend our analysis, using several "what-if" scenarios to measure the consistency of the final evaluation. Finally, we conclude that the final evaluation made by managers has significant consistency, as shown by the sensitivity analysis results.
