UUM Repository | Universiti Utara Malaysian Institutional Repository
FAQs | Feedback | Search Tips | Sitemap

ISCP: In-depth model for selecting critical security controls


Al-Safwani, Nadher M. A. and Fazea, Yousef and Ibrahim, Huda (2018) ISCP: In-depth model for selecting critical security controls. Computers & Security, 77. pp. 565-577. ISSN 01674048

[img] PDF
Restricted to Registered users only

Download (2MB) | Request a copy

Abstract

The primary goal of all organizations worldwide is to reduce potential threats and vulnerabilities. An information security control assessment is a far-reaching way to deal with control analysis that can help organizations to measure the adequacy and effectiveness of their present and planned security controls. Availability of adequate resources and proper risk analysis practices should be considered in preventing security breaches in order to achieve returns on security investments. Nonetheless, and despite the necessity for a competent security analysis framework, present frameworks and methodologies for security control analysis lack practical guidelines and mostly depend on subjective judgment and qualitative approaches. This paper proposes an information security control prioritization (ISCP) model that can determine the critical vulnerable controls based on a number of assessment criteria. The model uses techniques from the Order Performance by Similarity to Ideal Solution (TOPSIS) method, which is a sub-method of multiple attribute decision making. The proposed model provides clear guidelines on how to accomplish control analysis in a structured, self-organizing and constituent manner, with minimal overlap. Evaluation of information security controls using TOPSIS as the prioritization method involves a cost-effectiveness analysis, an effective and efficient assessment in terms of testing and selecting information security controls in organizations.

Item Type: Article
Uncontrolled Keywords: Information securitySecurity controls assessmentAttribute decision makingPrioritization modelTOPSISCritical vulnerable controls
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: School of Computing
Depositing User: Mrs. Norazmilah Yaakub
Date Deposited: 24 Jun 2020 03:09
Last Modified: 24 Jun 2020 03:09
URI: http://repo.uum.edu.my/id/eprint/27142

Actions (login required)

View Item View Item