TY - JOUR
T1 - Information security management
T2 - ANP based approach for risk analysis and decision making
AU - Brožová, Helena
AU - Šup, L.
AU - Rydval, J.
AU - Sadok, M.
AU - Bednar, P.
PY - 2016/3/1
Y1 - 2016/3/1
N2 - In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement. An empirical study involving the Forestry Company is used to illustrate the relevance of ANP.
AB - In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement. An empirical study involving the Forestry Company is used to illustrate the relevance of ANP.
KW - Analytical network process
KW - Case study
KW - Information security
KW - Multi-criteria decision making
KW - Risk factors
KW - Semantic networks
UR - http://www.scopus.com/inward/record.url?scp=84963811373&partnerID=8YFLogxK
UR - http://online.agris.cz/instructions-for-authors
U2 - 10.7160/aol.2016.080102
DO - 10.7160/aol.2016.080102
M3 - Article
AN - SCOPUS:84963811373
SN - 1804-1930
VL - 8
SP - 13
EP - 23
JO - Agris On-line Papers in Economics and Informatics
JF - Agris On-line Papers in Economics and Informatics
IS - 1
ER -