A web-based multi-perspective decision support system for information security planning

Decision Support Systems

Volumn 50, Issue 1, 2010, Pages 43-54

  El Gayar, Omar F ^a   Fritz, Brian D ^a  

^a DAKOTA STATE UNIVERSITY   (United States)

Author keywords

Decision support; Information systems security planning; Inquiring organizations; Multiple criteria decision making

Indexed keywords

CYBER-ATTACKS; DECISION SITUATION; DECISION SUPPORTS; INFORMATION SECURITY; INFORMATION SYSTEMS SECURITY PLANNING; INQUIRING ORGANIZATIONS; MULTI-CRITERIA; MULTI-PERSPECTIVE; MULTI-STAKEHOLDER; MULTICRITERIA DECISION; MULTIPLE CRITERIA DECISION MAKING; SECURITY CONTROLS; SECURITY PLANNING; SELECTION DECISIONS; THEORETICAL BASIS;

ARTIFICIAL INTELLIGENCE; COMPUTER CRIME; DECISION SUPPORT SYSTEMS; DECISION THEORY; INFORMATION SYSTEMS; PLANNING; SECURITY OF DATA;

DECISION MAKING;

EID: 78049467029     PISSN: 01679236     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.dss.2010.07.001     Document Type: Article

References (66)

1. J. Aczel, and T. Saaty Procedures for synthesizing ratio judgments Journal of Mathematical Psychology 27 1 1983 93 102
2. A. Arbel, and R. Tong On the generation of alternatives in decision analysis problems Journal of the Operational Research Society 33 1982 377 387 (Pubitemid 12522706)
3. R. Baskerville, and M.T. Siponen An information security meta-policy for emergent organizations Journal of Logistic Information Management 2001
4. L.D. Bodin, L.A. Gordon, and M.B. Loeb Evaluating information security investments using the analytic hierarchy process Communications of the ACM 48 2 2005
5. R. Bojanc, and B. Jenman-Blazic Towards a standard approach for quantifying an ICT security investment Computer Standards & Interfaces 30 4 2008 216 222 (Pubitemid 351308028)
6. N. Bryson Group decision-making and the analytic hierarchy process: exploring the consensus-relevant information content Computers & Operations Research 23 1 1996 27 (Pubitemid 126349181)
7. H. Cavusoglu, B. Mishra, and S. Raghunathan A model for evaluating IT security investments Communications of the ACM 47 7 2004 87
8. C.W. Churchman The Design of Inquiring Systems: Basic Concepts of Systems and Organizations 1971 Basic Books New York, NY
9. J.F. Courtney Decision making and knowledge management in inquiring organizations: toward a new decision-making paradigm for DSS Decision Support Systems 31 1 2001 17 38
10. R.F. Dyer, and E.H. Forman Group decision support with the analytic hierarchy process Decision Support Systems 8 2 1992 99 123
11. T. Efraim, J. Aronson, T.P. Liang, and R. Sharda Decision Support and Business Intelligence Systems 8 ed. 2007 Prentice Hall Upper Saddle River, NJ
12. J. Eloff, and M. Eloff Information security management - a new paradigm presented at Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology 2003
13. M.C. Er, and A.C. Ng The anonymity and proximity factors in group decision support systems Decision support system 14 1995 75 83
14. M.T. Escobar, and J.M. Moreno-Jimenez Aggregation of individual preference structures in AHP-group decision making Group Decision and Negotiation 16 2007 287 301
15. T. Finne The three categories of decision-making and information security Computers & Security 17 5 1998 397 405 (Pubitemid 128386700)
16. E.H. Forman Facts and fictions about the analytic hierarchy process Mathematical Computer Modeling 17 4-5 1993 19 26
17. S. Frosdick The techniques for risk analysis are insufficient in themselves Disaster prevention and management 6 3 1997 165 177
18. G. Gaskell "Simplifying the Onerous Task of Writing Security Policies," presented at First Australian Information Security Workshop 2000 Deakin University Geelang, Victoria
19. M. Gerber, and R. von Solms Management of risk in the information age Computers & Security 24 1 2005 16 30 (Pubitemid 40415397)
20. L.A. Gordon, and M.B. Loeb The economics of information security investment ACM Transaction on Information System and Security 5 4 2002 438 457
21. S.J. Greenwald Discussion Topic: What is the old security Paradigm? presented at Proceedings of the New Security Paradigms Workshop, Charlottesville, Virginia 1998
22. A.R. Hevner, S.T. March, J. Park, and S. Ram Design science in information systems research MIS Quarterly 28 1 2004 75
23. L.J. Hoffman Risk analysis and computer security: towards a theory at last Computers & Security 8 1 1989 23 24
24. P.J.H. Hu User acceptance of intelligence and security informatics technology: a study of COPLINK Journal of the American Society for Information Science and Technology 56 3 2005 235 244
25. C.L. Hwang, and K. Yoon Multiple attribute decision making: methods and applications 1981 Springer-Verlag Berlin, Germany
26. P. Jager The myth of technical security, American Bankers Association ABA Banking Journal 96 1 2004 8
27. A. Jones, and D. Ashenden Risk Management for Computer Security 2005 Elsevier Butterworth-Heinemann Burlington, MA
28. P.M. Kort, J.L. Haunschmied, and G. Feichtinger Optimal firm investment in security Annals of Operations Research 88 1999 81
29. J. Leach Security engineering and security ROI Computers & Security 22 6 2003
30. H.A. Linstone Multiple Perspectives for Decision Making 1984 North-Holland New York
31. J.G. March, and Z. Shapira Managerial perspectives on risk and risk taking Management Science 33 11 1987 1404
32. R.O. Mason, and I.I. Mitroff Challenging Strategic Planning Assumptions 1981 Wiley New York
33. Mercuri Analysing security costs Communications of the ACM 46 6 2003
34. I.I. Mitroff, and H.A. Linstone The Unbounded Mind: Breaking the Chains of Traditional Business Thinking 1993 Oxford University Press New York - Oxford
35. C. Muralidharan, N. Anantharaman, and S.G. Deshmukh A multi-criteria group decision making model for supplier rating Journal of Supply Chain Management 38 4 2002 22 33
36. J.F. Nunamaker, R.O. Briggs, and D.R. Mittelman Lessons from a decade of group support systems research presented at Hawaii International Conference on Systems Science (HICSS), Hawaii 1996
37. D.L. Olson Decision Aids for Selection Problems 1996 Springer-Verlag New York
38. D.L. Olson, A.I. Mechitov, and H. Moshkovich Comparison of AHP with six other selection aids presented at Fouth International Conference on AHP, Burnaby, BC 1996
39. D.L. Olson, M. Venkataramanan, and J.L. Mote A technique using analytical hierarchy process in multi-objective planning models Socio-economic Planning Sciences 20 6 1986 361 368
40. D. Parker The strategic values of information security in business Computers & Security 16 7 1997 572 582
41. K. Peffers, T. Tuunanen, M. Tothenberger, and S. Chaterjee A design science research methodology for information systems research Journal of Management Information Systems 24 3 2008 45 77
42. D. Petkov, O. Petkova, T. Andrew, and T. Nepal Mixing multiple criteria decision making with soft systems thinking techniques for decision support in complex situations Decision Support Systems 43 4 2007 1615 1629 (Pubitemid 47223468)
43. S.L. Pfleeger, and R. Rue Cybersecurity economic issues: clearing the path to good practice IEEE Software 25 1 2008 35 42 (Pubitemid 351266657)
44. S.A. Purser Improving the ROI of the security management process Computers & Security 23 7 2004 542 546
45. R. Ramanathan, and L.S. Ganesh Group preference aggregation methods employed in AHOP: an evaluation and intrinsic process for deriving members' weightages European Journal of Operational Research 79 1994 249 265
46. R. Richardson 2008 CSI Computer Crime and Security Survey 2008 Computer Security Institute
47. S.M. Richardson, J.F. Courtney, and D.B. Paradice An assessment of the Singerian inquiring organizational model: cases from academia and the utility industry Information Systems Frontiers 3 1 2001 49
48. H.W. Rittle, and M.M. Webber Dilemmas in a general theory of planning Policy Sciences 4 1973 155 169
49. J. Ryan, and D.J. Ryan Expected benefits of information security investments Computers & Security 25 8 2006 579 588 (Pubitemid 44765086)
50. T. Saaty The Analytic Hierarchy Process 1980 McGraw-Hill New York
51. P. Senge, and J. Sterman Systems thinking and organizational learning: acting locally and thinking globally in the organization of the future European Journal of Operational Research 59 1 1992 137 150
52. H. Simon The New Science of Management Decision 1960 Harper and Brothers New York, NY
53. M.T. Siponen Five dimensions of information security awareness ACM SIGCAS Computers and Society 31 2 2001 24 29
54. B. Srdjevic Linking analytic hierarchy process and social choice methods to support group decision-making in water management Decision Support Systems 42 2007 2261 2273 (Pubitemid 46019807)
55. E. Stein, and V. Zwass Actualizing organizational memory with information systems Information Systems Research 6 2 1995 85 117 (Pubitemid 126102973)
56. T. Stewart A critical survey of the status of multiple criteria decision making theory and practice OMEGA 20 5-6 1992 569 586
57. D.W. Straub, and R.J. Welke Coping with systems risk: security planning models for management decision making MIS Quarterly 22 4 1998 441 469
58. Strutt Risk assessment and management: the engineering approach Center for Industrial Safety and Reliability 1993 Cranfield University
59. L.L. Sun, R.P. Srivastava, and T.J. Mock An information systems security risk assessment model under the Dempster-Shafer theory of belief functions Journal of Management Information Systems 22 4 2006 109 142
60. M. Tavana Cross: a multicriteria group-decision-making model for evaluating and prioritizing advanced-technology projects at NASA Interfaces 33 3 2003 40 (Pubitemid 36881232)
61. V. Vaishnavi, and W.J. Kuechler Design Science Research Methods and Patterns: Innovating Information and Communication Technology 2008 Auerbach Publications - Taylor & Francis Group Boca Raton, FL
62. L.G. Vargas An overview of the analytic hierarchy process and its applications European Journal of Operational Research 48 1990 2 8
63. P. Vihakapirom and K. Li, A Framework for Distributed Group Multi-Criteria Decision Support Systems., Retrieved from http://ausweb.scu.edu. au/aw03/papers/li/paper.html on (February 2004).
64. R. Willison, and J. Backhouse Understanding criminal opportunity in the is context presented at IRIS, Finland 2003
65. W.T. Yue, M. Cakanyildirim, Y.U. Ryu, and D. Liu Network externalities Layered Protection and IT Security Risk Management, Decision Support Systems 44 1 2007 1 16
66. A. Zuccato Holistic security requirement engineering for electronic commerce Computers & Security 23 1 2004 63