
dc.creator: Tariq, Muhammad Imran
dc.creator: Tayyaba, Shahzadi
dc.creator: Ali Mian, Natash
dc.creator: Sarfraz, Muhammad Shahzad
dc.creator: De-la-Hoz-Franco, Emiro
dc.creator: Butt, Shariq Aziz
dc.creator: Santarcangelo, Vito
dc.creator: Rad, Dana V
dc.date.accessioned: 2020-11-14T21:34:08Z
dc.date.available: 2020-11-14T21:34:08Z
dc.date.issued: 2020
dc.identifier.uri: https://hdl.handle.net/11323/7314
dc.description.abstract: The organizations utilizing the cloud computing services are required to select suitable Information Security Controls (ISCs) to maintain data security and privacy. Many organizations bought popular products or traditional tools to select ISCs. However, selecting the wrong information security control without keeping in view severity of the risk, budgetary constraints, measures cost, and implementation and mitigation time may lead to leakage of data and resultantly, organizations may lose their user’s information, face financial implications, even reputation of the organization may be damaged. Therefore, the organizations should evaluate each control based on certain criteria like implementation time, mitigation time, exploitation time, risk, budgetary constraints, and previous effectiveness of the control under review. In this article, the authors utilized the methodologies of the Multi Criteria Decision Making (MCDM), Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to help the cloud organizations in the prioritization and selection of the best information security control. Furthermore, a numerical example is also given, depicting the step by step utilization of the method in cloud organizations for the prioritization of the information security controls. [spa]
dc.format.mimetype: application/pdf [spa]
dc.language.iso: eng [spa]
dc.publisher: Corporación Universidad de la Costa [spa]
dc.rights: Attribution-NonCommercial-NoDerivatives 4.0 International [*]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-nd/4.0/ [*]
dc.source: Journal of Intelligent & Fuzzy Systems [spa]
dc.subject: Information security [spa]
dc.subject: Analytical Hierarchy Process [spa]
dc.subject: TOPSIS [spa]
dc.subject: fuzzy logic [spa]
dc.subject: MCDM [spa]
dc.subject: MADM [spa]
dc.title: Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment [spa]
dc.type: article [spa]
dc.type.hasVersion: info:eu-repo/semantics/publishedVersion [spa]
dc.source.url: https://content.iospress.com/articles/journal-of-intelligent-and-fuzzy-systems/ifs179692 [spa]
dc.rights.accessrights: info:eu-repo/semantics/openAccess [spa]
dc.identifier.doi: http://doi.org/10.3233/JIFS-179692


Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 International