Information security management: ANP based approach for risk analysis and decision making

Helena Brožová*, L. Šup, J. Rydval, M. Sadok, P. Bednar

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

87 Downloads (Pure)

Abstract

In information systems security, the objectives of risk analysis process are to help to identify new threats and vulnerabilities, to estimate their business impact and to provide a dynamic set of tools to control the security level of the information system. The identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk analysis decision making problem using semantic network to develop the decision network and the Analytical Network Process (ANP) that allows solving complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement. An empirical study involving the Forestry Company is used to illustrate the relevance of ANP.

Original languageEnglish
Pages (from-to)13-23
Number of pages11
JournalAgris On-line Papers in Economics and Informatics
Volume8
Issue number1
DOIs
Publication statusPublished - 1 Mar 2016

Keywords

  • Analytical network process
  • Case study
  • Information security
  • Multi-criteria decision making
  • Risk factors
  • Semantic networks

Fingerprint

Dive into the research topics of 'Information security management: ANP based approach for risk analysis and decision making'. Together they form a unique fingerprint.

Cite this