ISCP: In-depth model for selecting critical security controls. Issue 77 (August 2018)
- Record Type:
- Journal Article
- Title:
- ISCP: In-depth model for selecting critical security controls. Issue 77 (August 2018)
- Main Title:
- ISCP: In-depth model for selecting critical security controls
- Authors:
- Al-Safwani, Nadher
Fazea, Yousef
Ibrahim, Huda
- Abstract:
- The primary goal of all organizations worldwide is to reduce potential threats and vulnerabilities. An information security control assessment is a far-reaching way to deal with control analysis that can help organizations to measure the adequacy and effectiveness of their present and planned security controls. Availability of adequate resources and proper risk analysis practices should be considered in preventing security breaches in order to achieve returns on security investments. Nonetheless, and despite the necessity for a competent security analysis framework, present frameworks and methodologies for security control analysis lack practical guidelines and mostly depend on subjective judgment and qualitative approaches. This paper proposes an information security control prioritization (ISCP) model that can determine the critical vulnerable controls based on a number of assessment criteria. The model uses techniques from the Order Performance by Similarity to Ideal Solution (TOPSIS) method, which is a sub-method of multiple attribute decision making. The proposed model provides clear guidelines on how to accomplish control analysis in a structured, self-organizing and constituent manner, with minimal overlap. Evaluation of information security controls using TOPSIS as the prioritization method involves a cost-effectiveness analysis, an effective and efficient assessment in terms of testing and selecting information security controls in organizations.
- Is Part Of:
- Computers & security. Issue 77(2018)
- Journal:
- Computers & security
- Issue:
- Issue 77(2018)
- Issue Display:
- Volume 77, Issue 77 (2018)
- Year:
- 2018
- Volume:
- 77
- Issue:
- 77
- Issue Sort Value:
- 2018-0077-0077-0000
- Page Start:
- 565
- Page End:
- 577
- Publication Date:
- 2018-08
- Subjects:
- Information security -- Security controls assessment -- Attribute decision making -- Prioritization model -- TOPSIS -- Critical vulnerable controls
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2018.05.009
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 17623.xml