Risk assessment is the core process of information security risk management. Organizations use risk assessment to determine the risks within an information system and to provide sufficient means to reduce these risks. In this paper, a hybrid procedure for evaluating risk levels of information security under various security controls is proposed. First, the procedure applies the Decision Making Trial and Evaluation Laboratory (DEMATEL) approach to construct the interrelations among security control areas. Second, likelihood ratings are obtained through the Analytic Network Process (ANP) method; as a result, the proposed procedure can detect the interdependences and feedback between security control families and can function in real-world situations. Lastly, the Fuzzy Linguistic Quantifiers-guided Maximum Entropy Order-Weighted Averaging (FLQ-MEOWA) operator is used to aggregate the impact values assessed by experts, which diminishes the influence of extreme evaluations such as personal views and drastic perspectives. A real-world application in a branch office of the health insurance institute in Taiwan was examined to verify the proposed procedure. By analyzing the acquired data, we confirm that the proposed procedure detects the influential factors among security control areas. The procedure also evaluates risk levels more accurately by coping with the interdependencies among security control families, and it determines the information system safeguards required for better security, thereby enabling organizations to accomplish their missions.
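The DEMATEL step named in the abstract, as an added example that is not taken from the paper: it computes the standard total-relation matrix and splits control areas into net causes and net effects. The four area names, the 0-4 scoring scale and every score in the matrix are constructed assumptions, not the study's data.

```python
# Constructed sample: area names and scores are illustrative assumptions,
# not data from the paper.
AREAS = ["Access Control", "Audit & Accountability",
         "Incident Response", "Awareness & Training"]

# DIRECT[i][j]: averaged expert score (0 = none .. 4 = very high) for how
# strongly area i influences area j. The diagonal is zero by convention.
DIRECT = [
    [0, 3, 2, 1],
    [2, 0, 3, 1],
    [1, 2, 0, 1],
    [3, 2, 3, 0],
]

def normalize(a):
    """Scale by the largest row or column sum so that every sum is <= 1."""
    n = len(a)
    s = max(max(sum(row) for row in a),
            max(sum(a[i][j] for i in range(n)) for j in range(n)))
    return [[x / s for x in row] for row in a]

def total_relation(d, tol=1e-12, max_iter=10_000):
    """T = D + D^2 + ... = D(I - D)^-1, found as the fixed point T = D + D*T."""
    n = len(d)
    t = [row[:] for row in d]
    for _ in range(max_iter):
        nxt = [[d[i][j] + sum(d[i][k] * t[k][j] for k in range(n))
                for j in range(n)] for i in range(n)]
        delta = max(abs(nxt[i][j] - t[i][j]) for i in range(n) for j in range(n))
        t = nxt
        if delta < tol:
            return t
    raise ValueError("series did not converge; check the direct-relation matrix")

def dematel(a, names):
    """Return {name: (prominence r+c, relation r-c)} for each area."""
    t = total_relation(normalize(a))
    n = len(a)
    r = [sum(t[i]) for i in range(n)]                       # influence given
    c = [sum(t[i][j] for i in range(n)) for j in range(n)]  # influence received
    return {names[i]: (r[i] + c[i], r[i] - c[i]) for i in range(n)}

if __name__ == "__main__":
    for name, (prom, rel) in sorted(dematel(DIRECT, AREAS).items(),
                                    key=lambda kv: -kv[1][1]):
        role = "cause" if rel > 0 else "effect"
        print(f"{name:24s} prominence={prom:.3f} relation={rel:+.3f} {role}")
```

Areas with a positive relation value drive the others, so in a network model of control dependencies they are the ones whose weakness propagates furthest.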