Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment

Issue title: Special section: Intelligent data analysis and applications & smart vehicular technology, communications and applications

Guest editors: Valentina Emilia Balas and Lakhmi C. Jain

Article type: Research Article

Authors: Tariq, Muhammad Imran^{a; *} | Tayyaba, Shahzadi^b | Ali Mian, Natash^c | Sarfraz, Muhammad Shahzad^d | De-la-Hoz-Franco, Emiro^e | Butt, Shariq Aziz^b | Santarcangelo, Vito^f | Rad, Dana V.^g

Affiliations: [a] Department of Computer Science, the Superior University, Lahore, Pakistan | [b] Deparment of Computer Engineering, the University of Lahore, Lahore, Pakistan | [c] School of Computer and Information Technology, Beaconhouse National University, Lahore | [d] Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Chiniot-Faisalabad Campus, Pakistan | [e] Universidad De La Costa, CUC, Colombia | [f] iInformatica S.r.l.s. – Corso Italia 77 Trapani | [g] Aurel Vlaicu University of Arad, Romania

Correspondence: [*] Corresponding author. Muhammad Imran Tariq, Department of Computer Science, the Superior University, Gold Campus, Raiwind Road, Lahore, Pakistan. Tel.: +92 333 4778823; E-mail: [email protected].

Abstract: The organizations utilizing the cloud computing services are required to select suitable Information Security Controls (ISCs) to maintain data security and privacy. Many organizations bought popular products or traditional tools to select ISCs. However, selecting the wrong information security control without keeping in view severity of the risk, budgetary constraints, measures cost, and implementation and mitigation time may lead to leakage of data and resultantly, organizations may lose their user’s information, face financial implications, even reputation of the organization may be damaged. Therefore, the organizations should evaluate each control based on certain criteria like implementation time, mitigation time, exploitation time, risk, budgetary constraints, and previous effectiveness of the control under review. In this article, the authors utilized the methodologies of the Multi Criteria Decision Making (MCDM), Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to help the cloud organizations in the prioritization and selection of the best information security control. Furthermore, a numerical example is also given, depicting the step by step utilization of the method in cloud organizations for the prioritization of the information security controls.

Keywords: Information security, Analytical Hierarchy Process, TOPSIS, fuzzy logic, MCDM, MADM

DOI: 10.3233/JIFS-179692

Journal: Journal of Intelligent & Fuzzy Systems, vol. 38, no. 5, pp. 6075-6088, 2020