Multicriteria analysis of the compliance for the improvement of information security

Authors

DOI:

https://doi.org/10.4301/S1807-1775201916007

Keywords:

Information security, Compliance, Security practices,, Analytic hierarchy process, Decision support system

Abstract

Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.

Downloads

Download data is not yet available.

Downloads

Published

2019-03-20

Issue

Vol. 16 (2019)

Section

Original Article

License

Copyright (c) 2019 JISTEM - Journal of Information Systems and Technology Management (Online)

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

How to Cite

Multicriteria analysis of the compliance for the improvement of information security. (2019). Journal of Information Systems and Technology Management, 16, e201916007. https://doi.org/10.4301/S1807-1775201916007