Multicriteria analysis of the compliance for the improvement of information security

Bibliographic details
Main author: Solana-González, Pedro
Publication date: 2019
Other authors: Vanti, Adolfo Alberto, Fontana, Karen Hackbart Souza
Document type: Article
Language: eng
Source title: Journal of Information Systems and Technology Management (Online)
Full text: https://www.revistas.usp.br/jistem/article/view/176950
Abstract: Information security is a current issue in the protection of information assets. It involves significant variables of a strategic, organizational and IT governance nature, and it requires analyzing compliance with the international standards that regulate business actions. Accordingly, this work analyzes institutional compliance to improve information security by applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice was used as the decision support system, and it generated a ranking of priorities for the criteria and alternatives used in the decision process. The method was then applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.
id USP-33_262d5339a3c3a115fda1c5f3ff4d94df
oai_identifier_str oai:revistas.usp.br:article/176950
network_acronym_str USP-33
dc.contributor.author.fl_str_mv Solana-González, Pedro
Vanti, Adolfo Alberto
Fontana, Karen Hackbart Souza
dc.subject.por.fl_str_mv Information security
Compliance
Security practices
Analytic hierarchy process
Decision support system
dc.date.none.fl_str_mv 2019-03-20
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
info:eu-repo/semantics/publishedVersion
dc.identifier.uri.fl_str_mv https://www.revistas.usp.br/jistem/article/view/176950
10.4301/S1807-1775201916007
dc.language.iso.fl_str_mv eng
dc.relation.none.fl_str_mv https://www.revistas.usp.br/jistem/article/view/176950/164218
dc.rights.driver.fl_str_mv Copyright (c) 2019 JISTEM - Journal of Information Systems and Technology Management (Online)
http://creativecommons.org/licenses/by-nc/4.0
info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv TECSI - FEA - Universidade de São Paulo. Faculdade de Economia, Administração, Contabilidade e Atuária
dc.source.none.fl_str_mv Journal of Information Systems and Technology Management; v. 16 (2019); e201916007
1807-1775
reponame:Journal of Information Systems and Technology Management (Online)
instname:Universidade de São Paulo (USP)
instacron:USP
repository.mail.fl_str_mv ||jistem@usp.br