
Ranking Criteria of Enterprise Information Security Architecture Using Fuzzy Topsis


Affiliations
1 Najafabad Branch, Islamic Azad University, Najafabad, Iran, Islamic Republic of
 

Protecting information against hacking, alteration, corruption, and disclosure is vital, and it requires effective management in every organization. Among the challenges are the study of available frameworks in Enterprise Information Security Architecture (EISA) and the extraction of criteria in this field. In this study, a method has been adopted to extract and categorize important and effective criteria in the field of information security by studying the major dimensions of EISA, including standards, policies and procedures, organization infrastructure, user awareness and training, security baselines, risk assessment and compliance. Gartner's framework has been applied as the fundamental model to categorize the criteria. To assess the proposed model, a questionnaire was prepared and completed by a group of EISA professionals. Fuzzy TOPSIS was used to quantify the data and prioritize the criteria. It could be concluded that the database and database security criteria, inner software security, electronic exchange security and supervising malicious software can be high priorities.

Keywords

Enterprise Information Security Architecture (EISA), Information Security Architecture's Criteria, Categorizing Criteria, Fuzzy TOPSIS.

Authors

Farzaneh Sadat Jalayer
Najafabad Branch, Islamic Azad University, Najafabad, Iran, Islamic Republic of
Akbar Nabiollahi
Najafabad Branch, Islamic Azad University, Najafabad, Iran, Islamic Republic of
