Security risk factors: ANP model for risk management decision making

Helena Brozova; Jan Rydval; Libor Sup; Moufida Sadok; Peter Bednar

Security risk factors: ANP model for risk management decision making

Helena Brozova, Jan Rydval, Libor Sup, Moufida Sadok, Peter Bednar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Information is a valuable asset supporting management decisions and business operations within the enterprise. Consequently, securing the company critical information assets from sophisticated insider threats and outsider attacks is essential to ensure business continuity and compliance with regulatory frameworks. Security risk management is the process that identifies threats and vulnerabilities of an enterprise information system, evaluates the likelihood of their occurrence and estimates their potential business impact. It is a continuous process that allows cost effectiveness of implemented security controls and provides a dynamic set of tools to monitor the security level of the information system. Given the uncertainty and complexity of security risks analyses, the identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk factors using semantic network to develop the decision network and the Analytical Network Process (ANP) to evaluate factors of complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement.

Original language	English
Title of host publication	33rd International Conference on Mathematical Methods in Economics MME 2015: Conference Proceedings
Editors	David Martinčík, Jarmilla Ircingová , Petr Janeček
Place of Publication	Cheb
Publisher	University of West Bohemia
Pages	74-79
Number of pages	6
ISBN (Print)	9788026105398
Publication status	Published - 11 Sept 2015
Event	33rd International Conference on Mathematical Methods in Economics - Cheb, Czech Republic Duration: 9 Sept 2015 → 11 Sept 2015

Conference

Conference	33rd International Conference on Mathematical Methods in Economics
Country/Territory	Czech Republic
City	Cheb
Period	9/09/15 → 11/09/15

Keywords

information security
risk factors
semantic networks
analytical network process
multi-criteria decision making

Cite this

@inproceedings{04038b832ec54a73b63762146f63d52a,

title = "Security risk factors: ANP model for risk management decision making",

abstract = "Information is a valuable asset supporting management decisions and business operations within the enterprise. Consequently, securing the company critical information assets from sophisticated insider threats and outsider attacks is essential to ensure business continuity and compliance with regulatory frameworks. Security risk management is the process that identifies threats and vulnerabilities of an enterprise information system, evaluates the likelihood of their occurrence and estimates their potential business impact. It is a continuous process that allows cost effectiveness of implemented security controls and provides a dynamic set of tools to monitor the security level of the information system. Given the uncertainty and complexity of security risks analyses, the identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk factors using semantic network to develop the decision network and the Analytical Network Process (ANP) to evaluate factors of complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement.",

keywords = "information security, risk factors, semantic networks, analytical network process, multi-criteria decision making",

author = "Helena Brozova and Jan Rydval and Libor Sup and Moufida Sadok and Peter Bednar",

year = "2015",

month = sep,

day = "11",

language = "English",

isbn = "9788026105398",

pages = "74--79",

editor = "David Martin{\v c}{\'i}k and \{Ircingov{\'a} \}, Jarmilla and Petr Jane{\v c}ek",

booktitle = "33rd International Conference on Mathematical Methods in Economics MME 2015: Conference Proceedings",

publisher = "University of West Bohemia",

address = "Czech Republic",

note = "33rd International Conference on Mathematical Methods in Economics ; Conference date: 09-09-2015 Through 11-09-2015",

}

Brozova, H, Rydval, J, Sup, L, Sadok, M & Bednar, P 2015, Security risk factors: ANP model for risk management decision making. in D Martinčík, J Ircingová & P Janeček (eds), 33rd International Conference on Mathematical Methods in Economics MME 2015: Conference Proceedings. University of West Bohemia, Cheb, pp. 74-79, 33rd International Conference on Mathematical Methods in Economics, Cheb, Czech Republic, 9/09/15.

Security risk factors: ANP model for risk management decision making. / Brozova, Helena; Rydval, Jan; Sup, Libor et al.
33rd International Conference on Mathematical Methods in Economics MME 2015: Conference Proceedings. ed. / David Martinčík; Jarmilla Ircingová ; Petr Janeček. Cheb: University of West Bohemia, 2015. p. 74-79.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Security risk factors: ANP model for risk management decision making

AU - Brozova, Helena

AU - Rydval, Jan

AU - Sup, Libor

AU - Sadok, Moufida

AU - Bednar, Peter

PY - 2015/9/11

Y1 - 2015/9/11

N2 - Information is a valuable asset supporting management decisions and business operations within the enterprise. Consequently, securing the company critical information assets from sophisticated insider threats and outsider attacks is essential to ensure business continuity and compliance with regulatory frameworks. Security risk management is the process that identifies threats and vulnerabilities of an enterprise information system, evaluates the likelihood of their occurrence and estimates their potential business impact. It is a continuous process that allows cost effectiveness of implemented security controls and provides a dynamic set of tools to monitor the security level of the information system. Given the uncertainty and complexity of security risks analyses, the identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk factors using semantic network to develop the decision network and the Analytical Network Process (ANP) to evaluate factors of complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement.

AB - Information is a valuable asset supporting management decisions and business operations within the enterprise. Consequently, securing the company critical information assets from sophisticated insider threats and outsider attacks is essential to ensure business continuity and compliance with regulatory frameworks. Security risk management is the process that identifies threats and vulnerabilities of an enterprise information system, evaluates the likelihood of their occurrence and estimates their potential business impact. It is a continuous process that allows cost effectiveness of implemented security controls and provides a dynamic set of tools to monitor the security level of the information system. Given the uncertainty and complexity of security risks analyses, the identification of risk factors as well as the estimation of their business impact require tools for assessment of risk with multi-value scales according to different stakeholders' point of view. Therefore, the purpose of this paper is to model risk factors using semantic network to develop the decision network and the Analytical Network Process (ANP) to evaluate factors of complex problems taking into consideration quantitative and qualitative data. As a decision support technique ANP also measures the dependency among risk factors related to the elicitation of individual judgement.

KW - information security

KW - risk factors

KW - semantic networks

KW - analytical network process

KW - multi-criteria decision making

UR - https://www.bazawiedzy.ue.poznan.pl/info/book/UEPc66daaf1c7f94e38802c15dfb57e1dbe?aq=.%3AWUT382191%2C%40id%21%3DWUT382191&affil=WIiGE&r=publication&ps=20&title=Publication%2B%25E2%2580%2593%2B33rd%2BInternational%2BConference%2BMathematical%2BMethods%2Bin%2BEconomics%2BMME%2B2015%2B%253A%2BConference%2BProceedings%2B%25E2%2580%2593%2BPozna%25C5%2584%2BUniversity%2Bof%2BEconomics%2Band%2BBusiness+title&lang=en&pn=1

UR - https://mme2015.zcu.cz/conference-proceedings/

M3 - Conference contribution

SN - 9788026105398

SP - 74

EP - 79

BT - 33rd International Conference on Mathematical Methods in Economics MME 2015: Conference Proceedings

A2 - Martinčík, David

A2 - Ircingová , Jarmilla

A2 - Janeček, Petr

PB - University of West Bohemia

CY - Cheb

T2 - 33rd International Conference on Mathematical Methods in Economics

Y2 - 9 September 2015 through 11 September 2015

ER -

Security risk factors: ANP model for risk management decision making

Abstract

Conference

Keywords

Fingerprint

Cite this