4.7 Article

A Model for the Evaluation of Critical IT Systems Using Multicriteria Decision-Making with Elements for Risk Assessment

Journal

MATHEMATICS
Volume 9, Issue 9, Pages -

Publisher

MDPI
DOI: 10.3390/math9091045

Keywords

information security; risk assessment; multicriteria decision-making; hybrid model; criteria dependence; critical IT systems

Funding

  1. Croatian Science Foundation [IP-2019-04-4864]

The article introduces a hybrid multicriteria model for evaluating critical IT systems, utilizing risk analysis and assessment elements as evaluation criteria. Through iterative steps of design science research methodology, the model enhances efficiency in evaluating, ranking, and selecting critical information systems.
One of the important objectives and concerns today is to find efficient means to manage the information security risks to which organizations are exposed. Due to a lack of necessary data and time and resource constraints, very often it is impossible to gather and process all of the required information about an IT system in order to properly assess it within an acceptable timeframe. That puts the organization into a state of increased security risk. One of the means to solve such complex problems is the use of multicriteria decision-making methods that have a strong mathematical foundation. This paper presents a hybrid multicriteria model for the evaluation of critical IT systems where the elements for risk analysis and assessment are used as evaluation criteria. The iterative steps of the design science research (DSR) methodology for development of a new multicriteria model for the objectives of evaluation, ranking, and selection of critical information systems are delineated. The main advantage of the new model is its use of generic criteria for risk assessment instead of redefining inherent criteria and calculating related weights for each individual IT system. That is why more efficient evaluation, ranking, and decision-making between several possible IT solutions can be expected. The proposed model was validated in a case study of online banking transaction systems and could be used as a generic model for the evaluation of critical IT systems.
