Computers and Operations Research
Computers and Industrial Engineering
InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Multidimensional data in multidimensional scaling using the analytic network process
Pattern Recognition Letters
Expert Systems with Applications: An International Journal
Using the analytic network process (ANP) in a SWOT analysis - A case study for a textile firm
Information Sciences: an International Journal
A study on e-Taiwan information system security classification and implementation
Computer Standards & Interfaces
Information Sciences: an International Journal
NIST Special Publication 800-53 Information Security
NIST Special Publication 800-53 Information Security
Research on fuzzy group decision making in security risk assessment
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
Optimal generation scheduling based on AHP/ANP
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Exploring smart phone improvements based on a hybrid MCDM model
Expert Systems with Applications: An International Journal
A fuzzy integral-based model for supplier evaluation and improvement
Information Sciences: an International Journal
A multi-risks group evaluation method for the informatization project under linguistic environment
Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology
Hi-index | 0.07 |
As companies and organizations have grown to rely on their computer systems and networks, the issue of information security management has become more significant. To maintain their competitiveness, enterprises should safeguard their information and try to eliminate the risk of information being compromised or reduce this risk to an acceptable level. This paper proposes an information security risk-control assessment model that could improve information security for these companies and organizations. We propose an MCDM model combining VIKOR, DEMATEL, and ANP to solve the problem of conflicting criteria that show dependence and feedback. In addition, an empirical application of evaluating the risk controls is used to illustrate the proposed method. The results show that our proposed method can be effective in helping IT managers validate the effectiveness of their risk controls.