Advanced

Information security management : ANP based approach for risk analysis and decision making

Brožová, Helena; Šup, L.; Rydval, J.; Sadok, M. and Bednar, P. LU (2016) In Agris On-line Papers in Economics and Informatics 8(1). p.13-23
Abstract

In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a... (More)

In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement. An empirical study involving the Forestry Company is used to illustrate the relevance of ANP.

(Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Contribution to journal
publication status
published
subject
keywords
Analytical network process, Case study, Information security, Multi-criteria decision making, Risk factors, Semantic networks
in
Agris On-line Papers in Economics and Informatics
volume
8
issue
1
pages
11 pages
publisher
Faculty of Economics and Management CULS Prague
external identifiers
  • Scopus:84963811373
DOI
10.7160/aol.2016.080102
language
English
LU publication?
yes
id
df71011e-d4ce-4140-a062-f324530d60e0
date added to LUP
2016-07-14 09:42:31
date last changed
2016-07-14 09:42:31
@misc{df71011e-d4ce-4140-a062-f324530d60e0,
  abstract     = {<p>In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement. An empirical study involving the Forestry Company is used to illustrate the relevance of ANP.</p>},
  author       = {Brožová, Helena and Šup, L. and Rydval, J. and Sadok, M. and Bednar, P.},
  keyword      = {Analytical network process,Case study,Information security,Multi-criteria decision making,Risk factors,Semantic networks},
  language     = {eng},
  month        = {03},
  number       = {1},
  pages        = {13--23},
  publisher    = {ARRAY(0x91ac110)},
  series       = {Agris On-line Papers in Economics and Informatics},
  title        = {Information security management : ANP based approach for risk analysis and decision making},
  url          = {http://dx.doi.org/10.7160/aol.2016.080102},
  volume       = {8},
  year         = {2016},
}