Title :
On Selecting Critical Security Controls
Author :
Breier, Jakub ; Hudec, Ladislav
Author_Institution :
Fac. of Inf. & Inf. Technol., Slovak Univ. of Technol., Bratislava, Slovenia
Abstract :
Selection of proper security controls is an important part of building a secure information infrastructure in an organization. There exist many databases of security controls, but the final selection is left to security managers, who have to make decisions based on their skills and experience. In this paper, we propose a novel approach, based on grey relational analysis combined with the TOPSIS decision making method, providing a quantitative technique for security control selection and prioritization. Our method can help security managers make their decisions in this field more effectively.
Keywords :
database management systems; decision making; grey systems; security of data; TOPSIS decision making method; critical security controls; grey relational analysis; quantitative technique; secure information infrastructure; security control databases; security control prioritization; security control selection; security managers; Cost accounting; Decision making; Organizations; Risk analysis; Security; Standards organizations; TOPSIS; grey relational analysis; information security; risk analysis; security controls;
Conference_Title :
Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
Conference_Location :
Regensburg
DOI :
10.1109/ARES.2013.77