CFP last date
20 January 2025
Reseach Article

Multicriteria Evaluation and Sensitivity Analysis on Information Security

by Irfan Syamsuddin
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 69 - Number 24
Year of Publication: 2013
Authors: Irfan Syamsuddin
10.5120/12120-8242

Irfan Syamsuddin . Multicriteria Evaluation and Sensitivity Analysis on Information Security. International Journal of Computer Applications. 69, 24 ( May 2013), 22-25. DOI=10.5120/12120-8242

@article{ 10.5120/12120-8242,
author = { Irfan Syamsuddin },
title = { Multicriteria Evaluation and Sensitivity Analysis on Information Security },
journal = { International Journal of Computer Applications },
issue_date = { May 2013 },
volume = { 69 },
number = { 24 },
month = { May },
year = { 2013 },
issn = { 0975-8887 },
pages = { 22-25 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume69/number24/12120-8242/ },
doi = { 10.5120/12120-8242 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:31:12.941960+05:30
%A Irfan Syamsuddin
%T Multicriteria Evaluation and Sensitivity Analysis on Information Security
%J International Journal of Computer Applications
%@ 0975-8887
%V 69
%N 24
%P 22-25
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Information security plays a significant role in recent information society. Increasing number and impact of cyber attacks on information assets have resulted the increasing awareness among managers that attack on information is actually attack on organization itself. Unfortunately, particular model for information security evaluation for management levels is still not well defined. In this study, decision analysis based on Ternary Analytic Hierarchy Process (T-AHP) is proposed as a novel model to aid managers who responsible in making strategic evaluation related to information security issues. In addition, sensitivity analysis is applied to extend our analysis by using several "what-if" scenarios in order to measure the consistency of the final evaluation. Finally, we conclude that the final evaluation made by managers has a significant consistency shown by sensitivity analysis results.

References
  1. Householder, Houle, K. & Dougherty, C. (2002). Computer attack trends challenge Internet security. Computer IEEE, 35 (4), 5-7, 2002.
  2. Ransbotham, S. & Mitra, S. (2009). Choice and Chance: A Conceptual Model of Paths to Information Security Compromise. Information Systems Research, 20 (1), 121-139.
  3. Syamsuddin, I and Hwang, J, 2010, The Use of AHP in Security Policy Decision Making: An Open Office Calc Application, Journal of Software, 5(10), 1162-1169
  4. Bacik, S. (2008). Building an effective information security policy architecture. United States CRC Press. LLC, Boca Raton.
  5. Wylder, J. (2004). Strategic Information Security, United States: Auerbach 2008.
  6. Filipek, R. (2007). Information security becomes a business priority. Internal Auditor, 64 (1), 18.
  7. Anderson, R. (2001). Why Information Security is Hard: An Economic Perspective. Proceedings of 17th Annual Computer Security Applications Conference, 10-14.
  8. Gordon, L. A. & Loeb, M. P. (2002). The Economics of Investment in Information Security. ACM Transactions on Information and System Security, 5(4), 438-457.
  9. Martins, A. & Eloff, J. (2002). Information security culture", IFIP TC11, 17th international conference on information security (SEC2002), Cairo, Egypt, 203–214.
  10. Saaty, T. L. (1990). The Analytic Hierarchy Process, United States: RWS Publications, Pittsburgh, PA.
  11. Syamsuddin,I and Hwang, J, 2009, The Application of AHP to Evaluate Information Security Policy Decision Making, International Journal of Simulation, Systems, Science and Technology, 10(4), 46-50.
  12. Vaidya,O. & Kumar, S. (2006). Analytic hierarchy process: An overview of applications", European Journal of Operational Research, 169(1), 1–29.
  13. Takahashi, I. (1990) AHP Applied to Binary and Ternary Comparisons. Journal of Operations Research Society of Japan, 33(3),199–206.
  14. Fulford, H. and Doherty, N. F. (2003). The application of information security policies in large UK-based organizations: an exploratory investigation. Information Management & Computer Security, 11(3). 106-14.
  15. Nishizawa, K and Takahashi,I (2007) Estimation Methods By Stochastic Model In Binary And Ternary AHP, Journal of the Operations Research Society of Japan 50(2), 101-122.
  16. Takeda,E, 2001, A method for multiple pseudo-criteria decision problems, Computers & Operations Research, 28(14), 1427–1439.
  17. Syamsuddin, I, 2012, Evaluation of Strategic Information Security with Fuzzy AHP Method, American Journal of Intelligent Systems, 2(1), 9-13
  18. Thomson, M. E, & von Solms,R. (1998). Information security awareness: educating your users effectively. Information Management and Computer Security, 6(4), 167–173
Index Terms

Computer Science
Information Sciences

Keywords

information security security evaluation Analytic Hierarchy Process Ternary AHP sensitivity analysis