Title :
A Ranking Method for Information Security Risk Management Based on AHP and PROMETHEE
Author :
Lv, Jun-Jie ; Wang, Yuan-Zhuo
Author_Institution :
Bus. Sch. Dept., Beijing Technol. & Bus. Univ., Beijing, China
Abstract :
Information security risk management plays an increasingly important role in enterprises with the constant improvement of computer and communications technology. In this paper, an information security risk management method is proposed to ranking available risk controls quantitatively with the help of PROMETHEE methodology considering the criteria concerned. The weights of criteria are obtained by AHP method. Given the preference function, the criteria values and criteria weights of decision-makers, "leaving flow" "entering flow" and "net flow" of each preparation program is calculated to compare advantages and disadvantages of control measurements, then the complete sequence is obtained. Finally, an example is given to illustrate the application of the proposed method. The major contribution of this work is to make available a control ranking model, considering multiple criteria analysis and the interests of different decision makers, for a security control plan to be carried out.
Keywords :
decision making; information systems; risk management; security of data; AHP; AHP method; PROMETHEE; enterprises; information security risk management; multiple criteria analysis; ranking method; Biological system modeling; Computers; Economics; Information security; Investments; Risk management;
Conference_Titel :
Management and Service Science (MASS), 2010 International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-5325-2
Electronic_ISBN :
978-1-4244-5326-9
DOI :
10.1109/ICMSS.2010.5575678
