dc.creator: Tariq, Muhammad Imran
dc.creator: Tayyaba, Shahzadi
dc.creator: Ali Mian, Natash
dc.creator: Sarfraz, Muhammad Shahzad
dc.creator: De-la-Hoz-Franco, Emiro
dc.creator: Butt, Shariq Aziz
dc.creator: Santarcangelo, Vito
dc.creator: Rad, Dana V
dc.description.abstract: Organizations that use cloud computing services are required to select suitable Information Security Controls (ISCs) to maintain data security and privacy. Many organizations bought popular products or traditional tools to select ISCs. However, selecting the wrong information security control without keeping in view the severity of the risk, budgetary constraints, the cost of measures, and implementation and mitigation time may lead to leakage of data; as a result, organizations may lose their users' information, face financial implications, and even suffer damage to their reputation. Therefore, organizations should evaluate each control based on certain criteria such as implementation time, mitigation time, exploitation time, risk, budgetary constraints, and the previous effectiveness of the control under review. In this article, the authors utilized the methodologies of Multi Criteria Decision Making (MCDM), the Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to help cloud organizations in the prioritization and selection of the best information security control. Furthermore, a numerical example is also given, depicting the step-by-step utilization of the method in cloud organizations for the prioritization of the information security
dc.publisher: Corporación Universidad de la Costa
dc.rights: Attribution-NonCommercial-NoDerivatives 4.0 International
dc.source: Journal of Intelligent & Fuzzy Systems
dc.subject: Information security
dc.subject: Analytical Hierarchy Process
dc.subject: fuzzy logic
dc.title: Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment

Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 International