ISCP: In-depth model for selecting critical security controls

The primary goal of all organizations worldwide is to reduce potential threats and vulnerabilities. An information security control assessment is a far-reaching way to deal with control analysis that can help organizations to measure the adequacy and effectiveness of their present and planned securi...

Bibliographic Details
Main Authors: Al-Safwani, Nadher M. A., Fazea, Yousef, Ibrahim, Huda
Format: Article
Language: English
Published: Elsevier Advanced Technology 2018
Subjects:
Online Access: http://repo.uum.edu.my/27142/1/al-safwani2018.pdf
http://repo.uum.edu.my/27142/
http://doi.org/10.1016/j.cose.2018.05.009
id my.uum.repo.27142
record_format eprints
spelling my.uum.repo.27142 2020-06-24T03:09:54Z http://repo.uum.edu.my/27142/ ISCP: In-depth model for selecting critical security controls Al-Safwani, Nadher M. A. Fazea, Yousef Ibrahim, Huda QA75 Electronic computers. Computer science The primary goal of all organizations worldwide is to reduce potential threats and vulnerabilities. An information security control assessment is a far-reaching way to deal with control analysis that can help organizations to measure the adequacy and effectiveness of their present and planned security controls. Availability of adequate resources and proper risk analysis practices should be considered in preventing security breaches in order to achieve returns on security investments. Nonetheless, and despite the necessity for a competent security analysis framework, present frameworks and methodologies for security control analysis lack practical guidelines and mostly depend on subjective judgment and qualitative approaches. This paper proposes an information security control prioritization (ISCP) model that can determine the critical vulnerable controls based on a number of assessment criteria. The model uses techniques from the Order Performance by Similarity to Ideal Solution (TOPSIS) method, which is a sub-method of multiple attribute decision making. The proposed model provides clear guidelines on how to accomplish control analysis in a structured, self-organizing and constituent manner, with minimal overlap. Evaluation of information security controls using TOPSIS as the prioritization method involves a cost-effectiveness analysis, an effective and efficient assessment in terms of testing and selecting information security controls in organizations. Elsevier Advanced Technology 2018 Article PeerReviewed application/pdf en http://repo.uum.edu.my/27142/1/al-safwani2018.pdf Al-Safwani, Nadher M. A. and Fazea, Yousef and Ibrahim, Huda (2018) ISCP: In-depth model for selecting critical security controls. Computers & Security, 77. pp. 565-577. ISSN 01674048 http://doi.org/10.1016/j.cose.2018.05.009 doi:10.1016/j.cose.2018.05.009
institution Universiti Utara Malaysia
building UUM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Utara Malaysia
content_source UUM Institutional Repository
url_provider http://repo.uum.edu.my/
language English
topic QA75 Electronic computers. Computer science
description The primary goal of all organizations worldwide is to reduce potential threats and vulnerabilities. An information security control assessment is a far-reaching way to deal with control analysis that can help organizations to measure the adequacy and effectiveness of their present and planned security controls. Availability of adequate resources and proper risk analysis practices should be considered in preventing security breaches in order to achieve returns on security investments. Nonetheless, and despite the necessity for a competent security analysis framework, present frameworks and methodologies for security control analysis lack practical guidelines and mostly depend on subjective judgment and qualitative approaches. This paper proposes an information security control prioritization (ISCP) model that can determine the critical vulnerable controls based on a number of assessment criteria. The model uses techniques from the Order Performance by Similarity to Ideal Solution (TOPSIS) method, which is a sub-method of multiple attribute decision making. The proposed model provides clear guidelines on how to accomplish control analysis in a structured, self-organizing and constituent manner, with minimal overlap. Evaluation of information security controls using TOPSIS as the prioritization method involves a cost-effectiveness analysis, an effective and efficient assessment in terms of testing and selecting information security controls in organizations.
format Article
author Al-Safwani, Nadher M. A.
Fazea, Yousef
Ibrahim, Huda
title ISCP: In-depth model for selecting critical security controls
publisher Elsevier Advanced Technology
publishDate 2018
url http://repo.uum.edu.my/27142/1/al-safwani2018.pdf
http://repo.uum.edu.my/27142/
http://doi.org/10.1016/j.cose.2018.05.009