The use of AHP in security policy decision making: An open office calc application

Journal of Software

Volumn 5, Issue 10, 2010, Pages 1162-1169

  Syamsuddin, Irfan ^a   Hwang, Junseok ^b  

^a Politeknik Negeri Ujung Pandang   (Indonesia)

^b Seoul National University   (South Korea)

Author keywords

Analytic hierarchy process; Decision making; Information security policy; Open source

Indexed keywords

DATA ANALYSIS; DECISION MAKERS; DECISION-MAKING MECHANISMS; DECISION-MAKING PROBLEM; FUTURE STRATEGY; INFORMATION SECURITY; INFORMATION SECURITY POLICIES; OPEN SOURCE SOFTWARE; OPEN SOURCES; PROPRIETARY SOFTWARE; SECURITY POLICY;

ANALYTIC HIERARCHY PROCESS; DATA REDUCTION; DECISION MAKING; HIERARCHICAL SYSTEMS; OPEN SYSTEMS; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 78651563645     PISSN: 1796217X     EISSN: None     Source Type: Journal    
DOI: 10.4304/jsw.5.10.1162-1169     Document Type: Article

References (35)

1. T.L. Saaty, The Analytic Hierarchy Process, RWS Publications, Pittsburgh, PA. 1990.
2. B.L. Golden, E.A. Wasil, and P.T. Harker, The Analytic Hierarchy Process: Applications and Studies. New York, NY: Springer-Verlag, 1989.
3. Open Office, available at http://www.openoffice.org (accessed 2 December 2009).
4. F. Zahedi, "The analytic hierarchy process-a survey of the method and its applications", Interfaces, vol.16, no. 4, pp. 96-108, 1986.
5. D.F. Sterne, "On the Buzzword 'Security Policy,'" Proc. IEEE Computer Society Symp. Research in Security and Privacy, IEEE Computer Society Press, Los Alamitos, California, pp. 219-230, 1991.
6. W.E. Kuhnhauser and M.K. Ostrowski, "A Formal Framework to Support Multiple Security Policies," Proc. 7th Canadian Computer Security Symposium. Ottawa, Communication Security Establishment Press, pp. 1-19. 1995.
7. S. Bacik, "Building an effective information security policy architecture", CRC Press. LLC, Boca Raton, 2008.
8. R. Filipek, "Information security becomes a business priority", Internal Auditor, vol. 64, no.1, pp.18, 2007.
9. O. Zakaria, "Information Security Culture and Leadership", Proceedings of the 4th European Conference on Information Warfare and Security, Cardiff, Wales, pp 415-420, 2005.
10. A. Householder, K. Houle, and C. Dougherty, "Computer attack trends challenge Internet security", Computer IEEE, vol. 35, no. 4, pp. 5-7, 2002.
11. R. Anderson, "Why Information Security is Hard: An Economic Perspective", Proceedings of 17th Annual Computer Security Applications Conference, pp. 10-14, 2001.
12. L.A. Gordon and M. P. Loeb, "The Economics of Investment in Information Security", ACM Transactions on Information and System Security, vol. 5, no. 4, pp. 438-457, 2002.
13. S.E. Schecter and D.S. Michael, "How much security is enough to stop a thief? The economics of outsider theft via computer systems networks", Proceedings of theFinancial Cryptography Conference, Guadeloupe. pp. 122-137, 2003.
14. A. Martins and J. Eloff, "Information security culture", IFIP TC11, 17th international conference on information security (SEC2002), Cairo, Egypt, pp. 203-214, 2002.
15. M.E. Thomson and R. von Solms, "Information security awareness: educating your users effectively", Information Management and Computer Security, vol. 6, no. 4, pp. 167-173, 1998.
16. T. Schlienger and S. Teufel, "Information Security Culture: The Socio-Cultural Dimension in Information Security Management", Proceedings of the IFIP TC11 17th International Conference on Information Security, pp. 191-202, 2002.
17. J. Hwang and I. Syamsuddin, "Information Security Policy Decision Making: An Analytic Hierarchy Process Approach", Proceeding of IEEE 2009 Third Asia International Conference on Modelling & Simulation, pp. 158-163, 2009.
18. Kahraman, Cengiz, Demirel, N. Cetin, Demirel and Tufan, "Prioritization of e-Government strategies using a SWOT-AHP analysis: the case of Turkey", European Journal of Information Systems, vol. 16, no. 3, pp. 284-298, 2007.
19. M.C. Lin, C.C. Wang, M.S. Chen and C.A. Chang, Using AHP and TOPSIS approaches in customer-driven product design process, Computers in Industry, vol. 59, no. 1, pp. 17-31, 2008.
20. C. Unal and G.G. Mucella, "Selection of ERP suppliers using AHP tools in the clothing industry", International Journal of Clothing Science and Technology, vol. 21, no. 4, pp. 239-251, 2009.
21. L.A. Vidal, E. Sahin, N. Martelli, M. Berhoune and B. Bonan, "Applying AHP to select drugs to be produced by anticipation in a chemotherapy compounding unit", Expert Systems with Applications, vol. 37, no. 2, pp. 1528-1534, 2010.
22. W. Ho, H.E. Higson, P.K. Dey, X. Xu and R. Bahsoon, "Measuring performance of virtual learning environment system in higher education", Quality Assurance in Education, vol.17, no. 1, pp. 6-29, 2009.
23. O.S. Vaidya and S. Kumar, "Analytic hierarchy process: An overview of applications", European Journal of Operational Research, vol. 169, no. 1, pp. 1-29, 2006.
24. H. Fulford and N.F. Doherty, "The application of information security policies in large UK-based organizations: an exploratory investigation", Information Management & Computer Security, vol. 11, no. 3, pp. 106-114, 2003.
25. C.Y. Ku, Y.W. Chang and D.C. Yen, "National information security policy and its implementation: A case study in Taiwan", Telecommunications Policy, vol. 33, no. 7, pp. 371-384, 2009.
26. K. Shannon, P. Anne, H. Ben, P. Chad and C. Matt, "Information security threats and practices in small businesses", Information Systems Management, vol. 22, no 2 pp. 7-19, 2005.
27. A. Herzog and N. Shahmehri, "Usable Set-up of Runtime Security Policies", Information Management & Computer Security, vol. 15, no. 5, pp 394-407, 2007.
28. M.C. Lee and T. Chang, "Applying ISO 17799:2005 in information security management", International Journal of Services and Standards, vol. 3, no. 3, pp.352-373, 2007.
29. T. Herath and H.R. Rao, "Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness", Decision Support Systems, vol. 47, no. 2, pp. 154-165, 2009.
30. S. Ransbotham and S. Mitra, "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise", Information Systems Research, vol. 20, no. 1, pp. 121-139, 2009.
31. C. Huang, J. Sun, X. Wang and Y.J. Si, "Security Policy Management for Systems Employing Role Based Access Control Model", Information Technology Journal, vol. 8, no. 5, pp. 726-734, 2009.
32. C. Jin, J. Liu, and Q. Deng, "Network Virus Propagation Model Based on Effects of Removing Time and User Vigilance", International Journal of Network Security, vol. 9, no. 2, pp. 156-163, 2009.
33. T. Komninos, P. Spirakis, Y.C. Stamatiou, G. Vavitsas, "A Worm Propagation Model based on Scale Free Network Structures and People's Email Acquaintance Profiles", International Journal of Computer Science and Network Security, vol. 7, no. 2, pp. 308-315, 2007.
34. S.A. Butler, "Security attribute evaluation method: a cost-benefit approach", Proceedings of the 24th International Conference on Software Engineering, pp. 232-240, 2002.
35. Verizon, "Data Breach Investigations Report 2009", available at: http://www.verizonbusiness.com (accessed 22 February 2010).