A VIKOR technique based on DEMATEL and ANP for information security risk control assessment

Authors:
Yu-Ping Ou Yang;How-Ming Shieh;Gwo-Hshiung Tzeng
Affiliations:
Department of Business Administration, National Central University, 300 Chung-da Road, Chung-Li City 320, Taiwan;Department of Business Administration, National Central University, 300 Chung-da Road, Chung-Li City 320, Taiwan and Department of Information Management, National Central University, 300 Chung-da ...;Department of Information Management, Kainan University, No. 1, Kainan Road, Luchu, Taoyuan 338, Taiwan and Institute of Management of Technology, National Chiao Tung University, 1001 Ta-Hsueh Roa ...
Venue:
Information Sciences: an International Journal
Year:
2013

Citing 11
Cited 4

Using analytic network process and goal programming for interdependent information system project selection

Computers and Operations Research
Product planning in quality function deployment using a combined analytic network process and goal programming approach

Computers and Industrial Engineering
Structured Risk Analysis

InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Multidimensional data in multidimensional scaling using the analytic network process

Pattern Recognition Letters
Evaluating intertwined effects in e-learning programs: A novel hybrid MCDM model based on factor analysis and DEMATEL

Expert Systems with Applications: An International Journal
Using the analytic network process (ANP) in a SWOT analysis - A case study for a textile firm

Information Sciences: an International Journal
A study on e-Taiwan information system security classification and implementation

Computer Standards & Interfaces
A fuzzy analytic network process based approach to transportation-mode selection between Turkey and Germany: A case study

Information Sciences: an International Journal
NIST Special Publication 800-53 Information Security

NIST Special Publication 800-53 Information Security
Research on fuzzy group decision making in security risk assessment

ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
Optimal generation scheduling based on AHP/ANP

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Determining consumers' most preferred eWOM platform for movie reviews: A fuzzy analytic hierarchy process approach

Computers in Human Behavior
Exploring smart phone improvements based on a hybrid MCDM model

Expert Systems with Applications: An International Journal
A fuzzy integral-based model for supplier evaluation and improvement

Information Sciences: an International Journal
A multi-risks group evaluation method for the informatization project under linguistic environment

Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology

Quantified Score

Hi-index	0.07

Visualization

Abstract

As companies and organizations have grown to rely on their computer systems and networks, the issue of information security management has become more significant. To maintain their competitiveness, enterprises should safeguard their information and try to eliminate the risk of information being compromised or reduce this risk to an acceptable level. This paper proposes an information security risk-control assessment model that could improve information security for these companies and organizations. We propose an MCDM model combining VIKOR, DEMATEL, and ANP to solve the problem of conflicting criteria that show dependence and feedback. In addition, an empirical application of evaluating the risk controls is used to illustrate the proposed method. The results show that our proposed method can be effective in helping IT managers validate the effectiveness of their risk controls.