dc.creator | Tariq, Muhammad Imran | |
dc.creator | Tayyaba, Shahzadi | |
dc.creator | De-La-Hoz-Franco, Emiro | |
dc.creator | Ashraf, Muhammad Waseem | |
dc.creator | Rad, Dana | |
dc.creator | Butt, Shariq Aziz | |
dc.creator | Santarcangelo, Vito | |
dc.date | 2022-07-07T13:58:31Z | |
dc.date | 2021-11-26 | |
dc.date.accessioned | 2023-10-03T20:09:36Z | |
dc.date.available | 2023-10-03T20:09:36Z | |
dc.identifier | Tariq, M.I. et al. (2022). Evaluation and Prioritization of Information Security Controls of ISO/IEC 27002:2013 for SMEs Through Fuzzy TOPSIS. In: Pan, JS., Balas, V.E., Chen, CM. (eds) Advances in Intelligent Data Analysis and Applications. Smart Innovation, Systems and Technologies, vol 253. Springer, Singapore. https://doi.org/10.1007/978-981-16-5036-9_27 | |
dc.identifier | 978-981-16-5035-2 | |
dc.identifier | https://hdl.handle.net/11323/9345 | |
dc.identifier | https://doi.org/10.1007/978-981-16-5036-9_27 | |
dc.identifier | 10.1007/978-981-16-5036-9_27 | |
dc.identifier | Corporación Universidad de la Costa | |
dc.identifier | REDICUC - Repositorio CUC | |
dc.identifier | https://repositorio.cuc.edu.co/ | |
dc.identifier | 978-981-16-5036-9 | |
dc.identifier.uri | https://repositorioslatinoamericanos.uchile.cl/handle/2250/9174626 | |
dc.description | Managing a large number of Information Security controls that have only slight impact may add extra effort and time to the implementation of controls and the mitigation of risk. Therefore, Information Security Controls need to be prioritized. The main goals of this paper are to conduct an in-depth study of ISO/IEC 27002:2013, which consists of 114 information security controls across 35 security domains, and to rank/prioritize these controls. In this study, a questionnaire was designed and distributed among Information Security experts with experience of Information Security deployment in Small and Medium Enterprises (SMEs). The study first reviewed different methodologies for the prioritization of Information Security Controls and developed criteria, including effectiveness, implementation time, mitigation time, risk and budgetary constraints, to evaluate the ISO/IEC 27002:2013 controls. The study applies the Fuzzy Technique for Order of Preference by Similarity to Ideal Solution (fuzzy TOPSIS) to evaluate and rank the information security controls. A fuzzy TOPSIS methodology based on linguistic data is used to capture uncertain conditions; fuzzy TOPSIS is therefore used as a tool that allows a more precise treatment of imprecise parameters than conventional methods. We contend that evaluating ISO/IEC 27002:2013 using fuzzy TOPSIS leads to a more accurate assessment and therefore supports an effective selection/ranking/prioritization of information security controls in SMEs. | |
dc.format | 1 page | |
dc.format | application/pdf | |
dc.language | eng | |
dc.publisher | Springer Science and Business Media Deutschland GmbH | |
dc.publisher | Germany | |
dc.relation | Advances in Intelligent Data Analysis and Applications; | |
dc.relation | Smart Innovation, Systems and Technologies | |
dc.relation | Tariq, M.I., Tayyaba, S., Ashraf, M.W., Rasheed, H.: Risk based NIST effectiveness analysis for cloud security. Bahria Univ. J. Inf. Commun. Technol. (BUJICT) 10 (2017) | |
dc.relation | Tariq, M.I.: Analysis of the effectiveness of cloud control matrix for hybrid cloud computing. Int. J. Future Gener. Commun. Netw. 11, 1–10 (2018) | |
dc.relation | Tariq, M.I.: Agent based information security framework for hybrid cloud computing. KSII Trans. Internet Inf. Syst. 13 (2019) | |
dc.relation | Saint-Germain, R.: Information security management best practice based on ISO/IEC 17799. Inf. Manag. J.-Prairie Village 39, 60 (2005) | |
dc.relation | Tariq, M.I., Tayyaba, S., Hashmi, M.U., Ashraf, M.W., Mian, N.A.: Agent based information security threat management framework for hybrid cloud computing. IJCSNS 17, 57 (2017) | |
dc.relation | Van der Haar, H., Von Solms, R.: A model for deriving information security control attribute profiles. Comput. Secur. 22, 233–244 (2003) | |
dc.relation | Tariq, M.I., Tayyaba, S., Rasheed, H., Ashraf, M.W.: Factors influencing the cloud computing adoption in higher education institutions of Punjab, Pakistan. Presented at the 2017 International Conference on Communication, Computing and Digital Systems (C-CODE) (2017) | |
dc.relation | De la Hoz, E., de la Hoz, E., Ortiz, A., Ortega, J., Martínez-Álvarez, A.: Feature selection by multi-objective optimisation: application to network anomaly detection by hierarchical self-organising maps. Knowl. Based Syst. 71, 322–338 (2014) | |
dc.relation | Chen, C.-T.: Extensions of the TOPSIS for group decision-making under fuzzy environment. Fuzzy Sets Syst. 114, 1–9 (2000) | |
dc.relation | Gharaee, H., AGHA, M.M.: Designing of multi criteria decision making model for improve ranking of information security risks (2015) | |
dc.relation | Brožová, H., Šup, L., Rydval, J., Sadok, M., Bednar, P.: Information security management: ANP based approach for risk analysis and decision making. Agris On-line Papers Econ. Inf. 8, 13–23 (2016). https://doi.org/10.7160/aol.2016.080102 | |
dc.relation | Sendi, A.S., Jabbarifar, M., Shajari, M., Dagenais, M.: FEMRA: fuzzy expert model for risk assessment. In: 2010 Fifth International Conference on Internet Monitoring and Protection, pp. 48–53 (2010) | |
dc.relation | Zhao, D.M., Wang, J.H., Ma, J.F.: Fuzzy risk assessment of the network security. In: 2006 International Conference on Machine Learning and Cybernetics, pp. 4400–4405 (2006) | |
dc.relation | Eren-Dogu, Z.F., Celikoglu, C.C.: Information security risk assessment: Bayesian prioritization for AHP group decision making 8, 14 (2012) | |
dc.relation | Xinlan, Z., Zhifang, H., Guangfu, W., Xin, Z.: Information security risk assessment methodology research: group decision making and analytic hierarchy process. In: 2010 Second World Congress on Software Engineering, pp. 157–160 (2010) | |
dc.relation | Lv, J.J., Zhou, Y.S., Wang, Y.Z.: A multi-criteria evaluation method of information security controls. In: 2011 Fourth International Joint Conference on Computational Sciences and Optimization, pp. 190–194 (2011) | |
dc.relation | Ejnioui, A., Otero, A.R., Tejay, G., Otero, C.E., Qureshi, A.A.: A multi-attribute evaluation of information security, 7 | |
dc.relation | Guan, B.-C., Lo, C.-C., Wang, P., Hwang, J.-S.: Evaluation of information security related risks of an organization: the application of the multicriteria decision-making method. In: IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, 2003. Proceedings, pp. 168–175 (2003) | |
dc.relation | Ngeru, J., Bardhan, T.K.: Selecting cloud deployment model using a delphi analytic hierarchy process (DAHP). Ind. Syst. Eng. Rev. 3, 59–70 (2015) | |
dc.relation | Supriya, M., Sangeeta, K., Patra, G.: Trustworthy cloud service provider selection using multi criteria decision making methods. Eng. Lett. 24 (2016) | |
dc.relation | Otero, A.R., Otero, C.E., Qureshi, A.: A multi-criteria evaluation of information security controls using Boolean features. Int. J. Netw. Secur. Its Appl. 2, 1–11 (2010). https://doi.org/10.5121/ijnsa.2010.2401 | |
dc.relation | Al-Safwani, N., Hassan, S., Katuk, N.: A multiple attribute decision making for improving information security control assessment. Int. J. Comput. Appl. 89, 19–24 (2014). https://doi.org/10.5120/15482-4222 | |
dc.relation | Otero, A.R.: An information security control assessment methodology for organizations 176 (2014) | |
dc.relation | Almeida, L., Respício, A.: Decision support for selecting information security controls. J. Decis. Syst. 27, 173–180 (2018). https://doi.org/10.1080/12460125.2018.1468177 | |
dc.relation | Kierzkowski, A., Kisiel, T.: Evaluation of a security control lane with the application of fuzzy logic. Procedia Eng. 187, 656–663 (2017). https://doi.org/10.1016/j.proeng.2017.04.427 | |
dc.relation | Waxler, J.: Prioritizing security controls using multiple criteria decision making for home users (2018) | |
dc.relation | Jalayer, F.S., Nabiollahi, A.: Ranking criteria of enterprise information security architecture using fuzzy TOPSIS. Int. J. Comput. Sci. Inf. Technol. 8 (2016) | |
dc.relation | Khajouei, H., Kazemi, M., Moosavirad, S.H.: Ranking information security controls by using fuzzy analytic hierarchy process. IseB 15, 1–19 (2017) | |
dc.relation | Choo, K.K., Mubarak, S., Mani, D.: Selection of information security controls based on AHP and GRA. Presented at the (2014) | |
dc.relation | Yevseyeva, I., Basto, F.V., van Moorsel, A., Janicke, H., Michael, T.: Two-stage security controls selection. Procedia Comput. Sci. 100, 8 (2016) | |
dc.relation | Barnard, L., Von Solms, R.: A formalized approach to the effective selection and evaluation of information security controls. Comput. Secur. 19, 185–194 (2000) | |
dc.relation | Otero, C.E., Dell, E., Qureshi, A., Otero, L.D.: A quality-based requirement prioritization framework using binary inputs. Presented at the (2010) | |
dc.relation | Chen, Z., Yoon, J.: IT auditing to assure a secure cloud computing. Presented at the Services (SERVICES-1), 2010 6th World Congress on (2010) | |
dc.relation | Dhillon, G., Torkzadeh, G.: Value-focused assessment of information system security in organizations. Inf. Syst. J. 16, 293–314 (2006) | |
dc.relation | Baskerville, R., Siponen, M.: An information security meta-policy for emergent organizations. Logist. Inf. Manag. 15, 337–346 (2002) | |
dc.relation | Yang, Y.-P.O., Shieh, H.-M., Tzeng, G.-H.: A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Inf. Sci. 232, 482–500 (2013) | |
dc.relation | De-La-Hoz-Franco, E., Ariza-Colpas, P., Quero, J.M., Espinilla, M.: Sensor-based datasets for human activity recognition—a systematic review of literature. IEEE Access. 6, 59192–59210 (2018) | |
dc.relation | Bellman, R.E., Zadeh, L.A.: Decision-making in a fuzzy environment. Manag. Sci. 17, B-141 (1970) | |
dc.relation | SJ, C., Hwong, C., Chen, S., Hwong, C.: Fuzzy multiple attribute decision-making: methods and applications. Book (1992) | |
dc.relation | Pandey, M., Khare, N., Shrivastava, S.: New aggregation operator for trapezoidal fuzzy numbers based on the geometric means of the left and right apex angles. Submitted for Publication (2012) | |
dc.relation | 289 | |
dc.relation | 271 | |
dc.rights | Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) | |
dc.rights | © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. | |
dc.rights | https://creativecommons.org/licenses/by-nc-sa/4.0/ | |
dc.rights | info:eu-repo/semantics/openAccess | |
dc.rights | http://purl.org/coar/access_right/c_abf2 | |
dc.source | https://link.springer.com/chapter/10.1007/978-981-16-5036-9_27 | |
dc.subject | Fuzzy logic | |
dc.subject | Information security | |
dc.subject | Information security controls | |
dc.subject | ISO/IEC 27002:2013 | |
dc.subject | TOPSIS | |
dc.title | Evaluation and prioritization of information security controls of ISO/IEC 27002:2013 for SMEs Through Fuzzy TOPSIS | |
dc.type | Chapter - Part of Book | |
dc.type | http://purl.org/coar/resource_type/c_3248 | |
dc.type | Text | |
dc.type | info:eu-repo/semantics/bookPart | |
dc.type | info:eu-repo/semantics/publishedVersion | |
dc.type | http://purl.org/redcol/resource_type/CAP_LIB | |
dc.type | info:eu-repo/semantics/draft | |
dc.type | http://purl.org/coar/version/c_ab4af688f83e57aa | |