Information security management : ANP based approach for risk analysis and decision making
(2016) In Agris On-line Papers in Economics and Informatics 8(1). p.13-23- Abstract
In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a... (More)
In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement. An empirical study involving the Forestry Company is used to illustrate the relevance of ANP.
(Less)
- author
- Brožová, Helena ; Šup, L. ; Rydval, J. ; Sadok, M. and Bednar, P. LU
- organization
- publishing date
- 2016-03-01
- type
- Contribution to journal
- publication status
- published
- subject
- keywords
- Analytical network process, Case study, Information security, Multi-criteria decision making, Risk factors, Semantic networks
- in
- Agris On-line Papers in Economics and Informatics
- volume
- 8
- issue
- 1
- pages
- 11 pages
- publisher
- Faculty of Economics and Management CULS Prague
- external identifiers
-
- scopus:84963811373
- ISSN
- 1804-1930
- DOI
- 10.7160/aol.2016.080102
- language
- English
- LU publication?
- yes
- id
- df71011e-d4ce-4140-a062-f324530d60e0
- date added to LUP
- 2016-07-14 09:42:31
- date last changed
- 2022-01-30 05:09:19
@article{df71011e-d4ce-4140-a062-f324530d60e0,
abstract = {{<p>In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement. An empirical study involving the Forestry Company is used to illustrate the relevance of ANP.</p>}},
author = {{Brožová, Helena and Šup, L. and Rydval, J. and Sadok, M. and Bednar, P.}},
issn = {{1804-1930}},
keywords = {{Analytical network process; Case study; Information security; Multi-criteria decision making; Risk factors; Semantic networks}},
language = {{eng}},
month = {{03}},
number = {{1}},
pages = {{13--23}},
publisher = {{Faculty of Economics and Management CULS Prague}},
series = {{Agris On-line Papers in Economics and Informatics}},
title = {{Information security management : ANP based approach for risk analysis and decision making}},
url = {{http://dx.doi.org/10.7160/aol.2016.080102}},
doi = {{10.7160/aol.2016.080102}},
volume = {{8}},
year = {{2016}},
}