Multicriteria analysis of the compliance for the improvement of information security

Solana-González, Pedro; Vanti, Adolfo Alberto; Fontana, Karen Hackbart Souza

Multicriteria analysis of the compliance for the improvement of information security

Detalhes bibliográficos
Autor(a) principal:	Solana-González, Pedro
Data de Publicação:	2019
Outros Autores:	Vanti, Adolfo Alberto, Fontana, Karen Hackbart Souza
Tipo de documento:	Artigo
Idioma:	eng
Título da fonte:	Journal of Information Systems and Technology Management (Online)
DOI:	10.4301/S1807-1775201916007
Texto Completo:	https://www.revistas.usp.br/jistem/article/view/176950
Resumo:	Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.

Metadados do item

id	USP-33_262d5339a3c3a115fda1c5f3ff4d94df
oai_identifier_str	oai:revistas.usp.br:article/176950
network_acronym_str	USP-33
network_name_str	Journal of Information Systems and Technology Management (Online)
spelling	Multicriteria analysis of the compliance for the improvement of information securityInformation securityComplianceSecurity practices,Analytic hierarchy processDecision support systemInformation security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.TECSI - FEA - Universidade de São Paulo. Faculdade de Economia, Administração, Contabilidade e Atuária2019-03-20info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersionapplication/pdfhttps://www.revistas.usp.br/jistem/article/view/17695010.4301/S1807-1775201916007Journal of Information Systems and Technology Management; v. 16 (2019); e201916007Journal of Information Systems and Technology Management; Vol. 16 (2019); e201916007Journal of Information Systems and Technology Management; Vol. 16 (2019); e2019160071807-1775reponame:Journal of Information Systems and Technology Management (Online)instname:Universidade de São Paulo (USP)instacron:USPenghttps://www.revistas.usp.br/jistem/article/view/176950/164218Copyright (c) 2019 JISTEM - Journal of Information Systems and Technology Management (Online)http://creativecommons.org/licenses/by-nc/4.0info:eu-repo/semantics/openAccessSolana-González, Pedro Vanti, Adolfo Alberto Fontana, Karen Hackbart Souza 2021-05-17T05:33:30Zoai:revistas.usp.br:article/176950Revistahttp://www.scielo.br/scielo.php?script=sci_serial&pid=1807-1775&lng=pt&nrm=isoPUBhttps://old.scielo.br/oai/scielo-oai.php\|\|jistem@usp.br1807-17751807-1775opendoar:2021-05-17T05:33:30Journal of Information Systems and Technology Management (Online) - Universidade de São Paulo (USP)false
dc.title.none.fl_str_mv	Multicriteria analysis of the compliance for the improvement of information security
title	Multicriteria analysis of the compliance for the improvement of information security
spellingShingle	Multicriteria analysis of the compliance for the improvement of information security Multicriteria analysis of the compliance for the improvement of information security Solana-González, Pedro Information security Compliance Security practices, Analytic hierarchy process Decision support system Solana-González, Pedro Information security Compliance Security practices, Analytic hierarchy process Decision support system
title_short	Multicriteria analysis of the compliance for the improvement of information security
title_full	Multicriteria analysis of the compliance for the improvement of information security
title_fullStr	Multicriteria analysis of the compliance for the improvement of information security Multicriteria analysis of the compliance for the improvement of information security
title_full_unstemmed	Multicriteria analysis of the compliance for the improvement of information security Multicriteria analysis of the compliance for the improvement of information security
title_sort	Multicriteria analysis of the compliance for the improvement of information security
author	Solana-González, Pedro
author_facet	Solana-González, Pedro Solana-González, Pedro Vanti, Adolfo Alberto Fontana, Karen Hackbart Souza Vanti, Adolfo Alberto Fontana, Karen Hackbart Souza
author_role	author
author2	Vanti, Adolfo Alberto Fontana, Karen Hackbart Souza
author2_role	author author
dc.contributor.author.fl_str_mv	Solana-González, Pedro Vanti, Adolfo Alberto Fontana, Karen Hackbart Souza
dc.subject.por.fl_str_mv	Information security Compliance Security practices, Analytic hierarchy process Decision support system
topic	Information security Compliance Security practices, Analytic hierarchy process Decision support system
description	Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.
publishDate	2019
dc.date.none.fl_str_mv	2019-03-20
dc.type.driver.fl_str_mv	info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion
format	article
status_str	publishedVersion
dc.identifier.uri.fl_str_mv	https://www.revistas.usp.br/jistem/article/view/176950 10.4301/S1807-1775201916007
url	https://www.revistas.usp.br/jistem/article/view/176950
identifier_str_mv	10.4301/S1807-1775201916007
dc.language.iso.fl_str_mv	eng
language	eng
dc.relation.none.fl_str_mv	https://www.revistas.usp.br/jistem/article/view/176950/164218
dc.rights.driver.fl_str_mv	Copyright (c) 2019 JISTEM - Journal of Information Systems and Technology Management (Online) http://creativecommons.org/licenses/by-nc/4.0 info:eu-repo/semantics/openAccess
rights_invalid_str_mv	Copyright (c) 2019 JISTEM - Journal of Information Systems and Technology Management (Online) http://creativecommons.org/licenses/by-nc/4.0
eu_rights_str_mv	openAccess
dc.format.none.fl_str_mv	application/pdf
dc.publisher.none.fl_str_mv	TECSI - FEA - Universidade de São Paulo. Faculdade de Economia, Administração, Contabilidade e Atuária
publisher.none.fl_str_mv	TECSI - FEA - Universidade de São Paulo. Faculdade de Economia, Administração, Contabilidade e Atuária
dc.source.none.fl_str_mv	Journal of Information Systems and Technology Management; v. 16 (2019); e201916007 Journal of Information Systems and Technology Management; Vol. 16 (2019); e201916007 Journal of Information Systems and Technology Management; Vol. 16 (2019); e201916007 1807-1775 reponame:Journal of Information Systems and Technology Management (Online) instname:Universidade de São Paulo (USP) instacron:USP
instname_str	Universidade de São Paulo (USP)
instacron_str	USP
institution	USP
reponame_str	Journal of Information Systems and Technology Management (Online)
collection	Journal of Information Systems and Technology Management (Online)
repository.name.fl_str_mv	Journal of Information Systems and Technology Management (Online) - Universidade de São Paulo (USP)
repository.mail.fl_str_mv	\|\|jistem@usp.br
_version_	1822180639279939584
dc.identifier.doi.none.fl_str_mv	10.4301/S1807-1775201916007

Multicriteria analysis of the compliance for the improvement of information security

Registros relacionados