A Multi-criteria Evaluation Method of Information Security Controls
Information management plays an increasingly important role in enterprises with the constant improvement of computer and communications technology. Enterprises have diverse security requirements when implementing information security, such as cost, effectiveness, environment, and commitment to law and ethics. In this paper, an information security risk management method is proposed to rank available risk controls quantitatively with the help of the PROMETHEE methodology and the GAIA plane, considering the criteria concerned. Given the preference function, the criteria values and the criteria weights of decision-makers, the leaving flow, entering flow and net flow of each preparation program are calculated to compare the advantages and disadvantages of control measures, and then the complete sequence is obtained. Sensitivity analysis and validation are conducted further. Finally, an example is given to illustrate the application of the proposed method. The major contribution of this work is to make available a control ranking model, considering multiple criteria analysis and the interests of different decision makers, for a security control plan to be carried out.
Information security multi-criteria PROMETHEE GAIA module
Jun-Jie Lv, Yong-Sheng Zhou, Yuan Zhuo Wang
Business School, Beijing Technology and Business University, Beijing, China; Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China
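International conference
Kunming, Lijiang
English
190-194
2011-04-15 (date first made available online on the Wanfang platform; does not represent the paper's publication date)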