Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL. (8th June 2015)
- Record Type:
- Journal Article
- Title:
- Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL. (8th June 2015)
- Main Title:
- Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL
- Authors:
- Ho, Li-Hsing
Hsu, Ming-Tsai
Yen, Tieh-Min - Abstract:
- Abstract : Purpose: – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach: – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings: – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value: – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.
- Is Part Of:
- Information and computer security. Volume 23:Number 2(2015)
- Journal:
- Information and computer security
- Issue:
- Volume 23:Number 2(2015)
- Issue Display:
- Volume 23, Issue 2 (2015)
- Year:
- 2015
- Volume:
- 23
- Issue:
- 2
- Issue Sort Value:
- 2015-0023-0002-0000
- Page Start:
- 161
- Page End:
- 177
- Publication Date:
- 2015-06-08
- Subjects:
- Information management -- Identification -- Information security -- Organizational decision-making -- Fuzzy logic -- British standards
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-04-2014-0026 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 8134.xml