Multicriteria analysis of the compliance for the improvement of information security
DOI:
https://doi.org/10.4301/S1807-1775201916007Keywords:
Information security, Compliance, Security practices,, Analytic hierarchy process, Decision support systemAbstract
Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.
Downloads
Downloads
Published
Issue
Section
License
Copyright (c) 2019 JISTEM - Journal of Information Systems and Technology Management (Online)
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.