Muhammad Azam,Muhammad Sajjad Ali Khan,Shilin Yang

DOI: https://doi.org/10.1155/2022/9704466

2022-02-21

Journal of Mathematics

Abstract:Since intuitionistic fuzzy set only deals with uncertainty but not periodicity, therefore to overcome, this situation complex intuitionistic fuzzy set is a better tool that deals with both uncertainty and periodicity. Also, Bonferroni mean operator has the advantage of considering interrelationships between parameters, but it deals with only the crisp data. Recently, to deal with fuzzy data, many extensions of Bonferroni operators have been developed. Motivated by the CIFS and BM operators, in this paper, we proposed some Dombi Bonferroni mean operators to deal with CIF information. Dombi Bonferroni mean operators are special cases of general T-conorm and T-norm, which have the advantage of good flexibility with a general parameter. We proposed the complex intuitionistic fuzzy Dombi Bonferroni mean (CIFDBM) operator, complex intuitionistic fuzzy Dombi weighted Bonferroni mean (CIFDWBM) operator, complex intuitionistic fuzzy Dombi geometric Bonferroni mean (CIFDGBM) operator, and complex intuitionistic fuzzy Dombi weighted geometric Bonferroni mean (CIFDWGBM) operator. Some properties of the developed operators are discussed in detail, and different cases are investigated. Moreover, a multicriteria group decision-making (MCGDM) method is developed based on the proposed aggregation operators. Finally, a numerical example of information security management evaluation is given in order to demonstrate the application and effectiveness of the proposed approach. A comparative study is also conducted in order to show the advantage of the developed method.

mathematics

Irfan Syamsuddin,Junseok Hwang

DOI: https://doi.org/10.48550/arXiv.1007.0302

2010-07-02

Computers and Society

Abstract:Changes in technology have resulted in new ways for bankers to deliver their services to costumers. Electronic banking systems in various forms are the evidence of such advancement. However, information security threats also evolving along this trend. This paper proposes the application of Analytic Hierarchy Process (AHP) methodology to guide decision makers in banking industries to deal with information security policy. The model is structured according aspects of information security policy in conjunction with information security elements. We found that cultural aspect is valued on the top priority among other security aspects, while confidentiality is considered as the most important factor in terms of information security elements.

Alva Hendi Muhammad,Joko Dwi Santoso,Ananda Fikri Akbar

DOI: https://doi.org/10.11591/ijeecs.v31.i1.pp271-280

2023-07-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:In recent years, cyber security has become an increasingly important aspect of the decision-making process of corporations. It is essential to make investments in cybersecurity at this point to guard against the frequent disruption of business operations posed by cyberattacks. In the context of small and medium-sized organizations, this study recommends using a multicriteria decision-making technique to evaluate information security aspects. The information security index is derived as the foundation for every one of these features. The best-worst method is carried out to establish the best and worst possible security investments. In order to validate these findings, a survey was distributed to a variety of professionals and business decisionmakers. The criteria for selection are laid forth in the form of categories labeled technology and organization, respectively. The findings are presented in a rating system with three tiers, with the highest level representing the absolute best of the results. In the final section of the study, we will examine potential future possibilities for research and policy.

Wajdi Alhakami

DOI: https://doi.org/10.3390/pr11051366

IF: 3.5

2023-04-30

Processes

Abstract:Numerous cyberattacks on connected control systems are being reported every day. Such control systems are subject to hostile external attacks due to their communication system. Network security is vital because it protects sensitive information from cyber threats and preserves network operations and trustworthiness. Multiple safety solutions are implemented in strong and reliable network security plans to safeguard users and companies from spyware and cyber attacks, such as distributed denial of service attacks. A crucial component that must be conducted prior to any security implementation is a security analysis. Because cyberattack encounters in power control networks are currently limited, a comprehensive security evaluation approach for power control technology in communication networks is required. According to previous studies, the challenges of security evaluation include a power control process security assessment as well as the security level of every control phase. To address such issues, the fuzzy technique for order preference by similarity to ideal solution (TOPSIS) based on multiple criteria decision-making (MCDM) is presented for a security risk assessment of the communication networks of energy management and control systems (EMCS). The methodology focuses on quantifying the security extent in each control step; in order to value the security vulnerability variables derived by the protection analysis model, an MCDM strategy incorporated as a TOPSIS is presented. Ultimately, the example of six communication networks of a power management system is modelled to conduct the security evaluation. The outcome validates the utility of the security evaluation.

engineering, chemical

Alexander A. Ganin,Phuoc Quach,Mahesh Panwar,Zachary A. Collier,Jeffrey M. Keisler,Dayton Marchese,Igor Linkov

DOI: https://doi.org/10.1111/risa.12891

2017-09-05

Risk Analysis

Abstract:Risk assessors and managers face many difficult challenges related to novel cyber systems. Among these challenges are the constantly changing nature of cyber systems caused by technical advances, their distribution across the physical, information, and sociocognitive domains, and the complex network structures often including thousands of nodes. Here, we review probabilistic and risk-based decision-making techniques applied to cyber systems and conclude that existing approaches typically do not address all components of the risk assessment triplet (threat, vulnerability, consequence) and lack the ability to integrate across multiple domains of cyber systems to provide guidance for enhancing cybersecurity. We present a decision-analysis-based approach that quantifies threat, vulnerability, and consequences through a set of criteria designed to assess the overall utility of cybersecurity management alternatives. The proposed framework bridges the gap between risk assessment and risk management, allowing an analyst to ensure a structured and transparent process of selecting risk management alternatives. The use of this technique is illustrated for a hypothetical, but realistic, case study exemplifying the process of evaluating and ranking five cybersecurity enhancement strategies. The approach presented does not necessarily eliminate biases and subjectivity necessary for selecting countermeasures, but provides justifiable methods for selecting risk management actions consistent with stakeholder and decisionmaker values and technical data.

public, environmental & occupational health,mathematics, interdisciplinary applications,social sciences, mathematical methods

Jefferson Costa,Maisa Silva

DOI: https://doi.org/10.3390/math12111754

IF: 2.4

2024-06-06

Mathematics

Abstract:The Multiple Criteria Decision-Making/Analysis (MCDM/A) methods have been widely used in several management contexts. In public security, their use enhances managerial decision-making by considering the decision-maker's preference structure and providing a multidimensional view of problems. However, methodological support for their applications in this field lacks clarity, including selecting appropriate methods, addressing pertinent problematics, and identifying alternatives and criteria. To address this gap, this article conducts a Systematic Literature Review (SLR) to diagnose the state of the art and identify the main directions of the research in multicriteria models applied to public security management. The research methodology involves five main research questions, and the extraction and analysis of data from 51 articles selected through a structured filtering process. The analysis includes identifying the number of publications and citations, as well as listing the MCDM/A approaches and issues employed. Furthermore, the criteria used and the number of criteria considered are discussed, as well as the method employed. Finally, the identification of the main research directions in MCDM/A models applied to public security is presented. The findings suggest that prioritization and classification are common problematics, social criteria are frequently considered, and the AHP method is widely used, often employing fuzzy sets and hybrid models.

mathematics

Rainer Diesch,Matthias Pfaff,Helmut Krcmar

DOI: https://doi.org/10.1016/j.cose.2020.101747

2020-05-01

Abstract:<p>Decision-making in the context of organizational information security is highly dependent on various information. For information security managers, not only relevant information has to be clarified but also their interdependencies have to be taken into account. Thus, the purpose of this research is to develop a comprehensive model of relevant management success factors (MSF) for organizational information security. First, a literature survey with an open-axial-selective analysis of 136 articles was performed to identify factors influencing information security. These factors were categorized into 12 areas: physical security, vulnerability, infrastructure, awareness, access control, risk, resources, organizational factors, CIA, continuity, security management, compliance &amp; policy. Second, an interview series with 19 experts from the industry was used to evaluate the relevance of these factors in practice and explore interdependencies between them. Third, a comprehensive model was developed. The model shows that there are key-security-indicators, which directly impact the security-status of an organization while other indicators are only indirectly connected. Based on these results, information security managers should be aware of direct and indirect MSFs to make appropriate decisions.</p>

computer science, information systems

Dejian Yu,Jose M. Merigo,Yejun Xu

DOI: https://doi.org/10.1002/int.21804

IF: 8.993

2016-01-01

International Journal of Intelligent Systems

Abstract:Network information system security has become a global issue since it is related to the economic development and national security. Information system security assessment plays an important role in the development of security solutions. Aiming at this issue, a dual hesitant fuzzy (DHF) group decision-making (GDM) method was proposed in this paper to assist the assessment of network information system security. A systemic index containing four aspects was established including organization security, management security, technical security, and personnel management security. The DHF group evaluation matrix was constructed based on the individual evaluation information from each expert. Some power average operator-based DHF information aggregation operators are proposed and used to fusion the performance of each criterion for information systems. The advantage of these operators is that they can describe the relationship between the indexes quantitatively. Finally, a case study about information systems security assessment was presented to verify the effectiveness of proposed GDM methods. (C) 2016 Wiley Periodicals, Inc.

Liang Liang,Peng Wang,Lin Tan

2013-01-01

Disaster Advances

Abstract:The comprehensive evaluation of information security risk is the key for executives in complex organizations to make macro decisions. Modern organizations have complicated structures and many levels. In addition, the influencing factors of organizing information security risk involve techniques, staffs and management. Under consideration of uncertainty on decision information, an improved fuzzy multi-criteria decision method is proposed. It combines fuzzy mathematics with partitioning method of space region, and provides a computing method for criteria weights by fusing criterion, thus to realize the comprehensive evaluation of organizing information security risk. Finally, an example of information security risk management for some large joint research project is taken to illustrate the guidance for actual work by the proposed method.

Milad Bagheri,Zelina Zaiton Ibrahim,Shattri Mansor,Latifah Abd Manaf,Mohd Fadzil Akhir,Wan Izatul Asma Wan Talaat,Amin Beiranvand Pour

DOI: https://doi.org/10.3390/urbansci5040084

2021-11-01

Urban Science

Abstract:Climate change is regarded as a serious threat to both environment and humanity, and as a result, it has piqued worldwide attention in the twenty-first century. Natural hazards are expected to have major effects in the coastal cities of the globe. At the same time, about two-thirds of the world’s human population lives in the coastal margins. One of the fundamental issues for coastal city planners is the coastal cities’ environmental change. This paper presents the application of a model framework for the management and sustainable development of coastal cities under a changing climate in Kuala Terengganu Malaysia. The analytic hierarchy process (AHP) is performed in the Expert Choice software for coastal city hazard management. This approach enables decision-makers to evaluate and identify the relative priorities of vulnerability and hazard criteria and sub-criteria based on a set of preferences, criteria, and alternatives. This paper also presents a hierarchy erosion design applied in Kuala Terengganu to choose the important sustainable weights of criteria and sub-criteria as well as the zone as an alternative model.

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P. Syam

DOI: https://doi.org/10.48550/arXiv.1203.6214

2012-03-28

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P Syam

DOI: https://doi.org/10.48550/arXiv.1204.0240

2012-04-02

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security,Software Engineering

Mohd Anjum,Vladimir Simic,Melfi A. Alrasheedi,Sana Shahab

DOI: https://doi.org/10.1109/access.2024.3392019

IF: 3.9

2024-05-03

IEEE Access

Abstract:In response to the transportation industry's immediate need for more proactive and foresighted management, cooperative intelligent transportation systems (C-ITS) use wireless technology to foster real-time communication between vehicles and infrastructure, with the goal of increasing road safety and streamlining traffic flow. The introduction of self-powered sensors, which have the clever capacity to produce their own electricity, is critical for the reliability of transport operations across a wide range of C-ITS applications. Our analytical technique, which employs the criteria importance through intercriteria correlation (CRITIC) methodology and the weighted aggregated sum product assessment (WASPAS) approach, does not end there. We have taken it a step further by using the T-spherical fuzzy (T-SF) form of CRITIC-WASPAS, which adds a more subtle layer to our evaluation. We embark on an in-depth case study, methodically evaluating five choices against eight criteria. In the context of the CRITIC-WASPAS framework, the application of the T-SF logic enhances analytical precision by taking into account uncertainty throughout the decision-making process. This is particularly beneficial in the context of complex systems like C-ITS. The incorporation of CRITIC also makes it possible to evaluate the correlations between different criteria, which ultimately results in decision outcomes that are more nuanced and robust. This is accomplished by aggregating all of the criteria and options. This rigorous and intelligent strategy goes beyond simply meeting urgent system needs. It tactically impacts decision-making, moving the transport industry forward significantly.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yiyang Jia,Hanyan Wu,Dongxing Jiang

DOI: https://doi.org/10.1109/CyberC.2015.47

2015-01-01

Abstract:Security situation assessment is an effective way to analyze the situation of an information system, which helps administrator understand the current system risk status and make policy to response in time. However, the existing researches for security situation assessment mostly focus on network. The proposed methods for network are not so suitable for information systems. This paper proposes a hierarchical security situation analysis framework for information system, based on a classical NSSA [1] (network security situation analysis) model. The framework provides a standard flow for analyzing the security situation of information system. It consists a security situation analysis model of information system, an index system used in the model proposed, and a quantitative index fusion method to calculate a security situational value. We divided information system into 3 levels: sub-system level, composition level and index level. The collected information from the index level can be combined with grey model to determine the correlation degree between each major index and secondary index. Finally we calculate the whole system security situational value level by level. We use data from Tsinghua University information system to verify the proposed model and method. The result shows that this model can reflect the current security situation of information system comprehensively.

M. Fatih Ak,Muhammet Gul

DOI: https://doi.org/10.1007/s40747-018-0087-7

2018-12-27

Abstract:Risk analysis (RA) contains several methodologies that object to ensure the protection and safety of occupational stakeholders. Multi attribute decision-making (MADM) is one of the most important RA methodologies that is applied to several areas from manufacturing to information technology. With the widespread use of computer networks and the Internet, information security has become very important. Information security is vital as institutions are mostly dependent on information, technology, and systems. This requires a comprehensive and effective implementation of information security RA. Analytic hierarchy process (AHP) and technique for order preference by similarity to ideal solution (TOPSIS) are commonly used MADM methods and recently used for RA. In this study, a new RA methodology is proposed based on AHP–TOPSIS integration extended with Pythagorean fuzzy sets. AHP strengthened by interval-valued Pythagorean fuzzy numbers is used to weigh risk parameters with expert judgment. Then, TOPSIS with Pythagorean fuzzy numbers is used to prioritize previously identified risks. A comparison of the proposed approach with three approaches (classical RA method, Pythagorean fuzzy VIKOR and Pythagorean fuzzy MOORA) is also provided. To illustrate the feasibility and practicality of the proposed approach, a case study for information security RA in corrugated cardboard sector is executed.

computer science, artificial intelligence

Huan Wang,Zhanfang Chen,Xin Feng,Xiaoqiang Di,Dan Liu,Jianping Zhao,Xin Sui

DOI: https://doi.org/10.1007/s11277-017-5202-3

IF: 2.017

2018-01-03

Wireless Personal Communications

Abstract:In hierarchical network security situation assessment model, there are many problems, such as subjective index weight factor, large evaluation index system, large amount of calculation and low efficiency. A network security situation assessment model and quantification method based on AHP is proposed to solve this problem. The AHP analytic hierarchy process (AHP) is combined with the hierarchical model of situation assessment to simplify the situation assessment problem. The D–S evidence theory is used to fuse the fuzzy results of multi-source equipment to solve the problem of single information source and large deviation of accuracy. Through the construction of three evaluation indexes of risk situation, basic operation situation and damage situation, the problem of large evaluation index system and low evaluation efficiency is solved. AHP analytic hierarchy process is used to determine the weights of different index items, so as to avoid the subjectivity and randomness of weighting factors. The simulation results show that the model can reflect the security status of the network as a whole, and the situation assessment is accurate and can better serve the high-level decision-making.

telecommunications

Haider Abbas,Christer Magnusson,Louise Yngstrom,Ahmed Hemani

DOI: https://doi.org/10.1108/09685221111115836

2011-03-22

Abstract:Purpose The purpose of this paper is to address three main problems resulting from uncertainty in information security management: dynamically changing security requirements of an organization; externalities caused by a security system; and obsolete evaluation of security concerns. Design/methodology/approach In order to address these critical concerns, a framework based on options reasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture and decision making for handling these issues at organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy. Findings The paper shows through three examples that it is possible to have a coherent methodology, building on options theory to deal with uncertainty issues in information security at an organizational level. Practical implications To validate the efficacy of the methodology proposed in this paper, it was applied to the Spridnings‐och Hämtningssystem (SHS: dissemination and retrieval system) system. The paper introduces the methodology, presents its application to the SHS system in detail and compares it to the current practice. Originality/value This research is relevant to information security management in organizations, particularly issues on changing requirements and evaluation in uncertain circumstances created by progress in technology.

Ihab Mohamed,Hesham A. Hefny,Nagy R. Darwish

2024-07-27

Abstract:Cybersecurity is a big challenge as hackers are always trying to find new methods to attack and exploit system vulnerabilities. Cybersecurity threats and risks have increased in recent years, due to the increasing number of devices and networks connected. This has led to the development of new cyberattack patterns, such as ransomware, data breaches, and advanced persistent threats (APT). Consequently, defending such complicated attacks needs to stay up to date with the latest system vulnerabilities and weaknesses to set a proper cybersecurity defense strategy. This paper aims to propose a defense strategy for the presented security threats by determining and prioritizing which security control to put in place based on combining the MITRE ATT&CK framework with multi-criteria decision-making (MCDM) techniques. This approach helps organizations achieve a more robust and resilient cybersecurity posture.

Cryptography and Security

Andrew Fielder,Emmanouil Panaousis,Pasquale Malacaria,Chris Hankin,Fabrizio Smeraldi

DOI: https://doi.org/10.48550/arXiv.1502.05532

2015-02-19

Abstract:When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision-support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in presence of commodity threats. In terms of game theory we consider a 2-person control game between the security manager who has to choose among different implementation levels of a cyber security control, and a commodity attacker who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice knapsack based strategy. We compare these approaches on a case study that was built on SANS top critical controls. The main achievements of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment.

Computer Science and Game Theory,Cryptography and Security

Jianqiang Wang

DOI: https://doi.org/10.1016/s1004-4132(06)60020-0

IF: 1.363

2006-01-01

Journal of Systems Engineering and Electronics

Abstract:It is not uncommon in multiple criteria decision-making that the numerical values of alternatives of some criteria are subject to imprecision, uncertainty and indetermination and the information on weights of criteria is incomplete certain. A new multiple criteria decision-making method with incomplete certain information based on ternary AHP is proposed. This improves on Takeda&#39;s method. In this ...