AHP\u2013TOPSIS integration extended with Pythagorean fuzzy sets for information security risk analysis

M Fatih Ak,Muhammet Gul

doi:10.1007/s40747-018-0087-7

Abstract

Risk analysis (RA) contains several methodologies that object to ensure the protection and safety of occupational stakeholders. Multi attribute decision-making (MADM) is one of the most important RA methodologies that is applied to several areas from manufacturing to information technology. With the widespread use of computer networks and the Internet, information security has become very important. Information security is vital as institutions are mostly dependent on information, technology, and systems. This requires a comprehensive and effective implementation of information security RA. Analytic hierarchy process (AHP) and technique for order preference by similarity to ideal solution (TOPSIS) are commonly used MADM methods and recently used for RA. In this study, a new RA methodology is proposed based on AHP–TOPSIS integration extended with Pythagorean fuzzy sets. AHP strengthened by interval-valued Pythagorean fuzzy numbers is used to weigh risk parameters with expert judgment. Then, TOPSIS with Pythagorean fuzzy numbers is used to prioritize previously identified risks. A comparison of the proposed approach with three approaches (classical RA method, Pythagorean fuzzy VIKOR and Pythagorean fuzzy MOORA) is also provided. To illustrate the feasibility and practicality of the proposed approach, a case study for information security RA in corrugated cardboard sector is executed.

Highlights

Information is a tool that people use to communicate among themselves from the moment they start living together
These methods determine the score of risk parameters using crisp values, assume the risk parameters as independent and produce the same risk value by different combinations of risk parameters’
A new Risk analysis (RA) methodology is proposed based on Analytic hierarchy process (AHP)–TOPSIS integration extended with Pythagorean fuzzy sets and applied to the information security RA

Summary

Introduction

Information is a tool that people use to communicate among themselves from the moment they start living together. Simple and single batch applications are transformed into distributed computing environments including multitasking real-time control, and distributed processing It is at least as important as the information itself to determine that information is valuable or worthless, or to measure the value carried by it. RA is a core part of a risk management process designed to set up required appropriate level of security for information systems [3]. With the widespread use of the internet and the development of technology, threats related to information security are increasing and diversifying. There is a rapid development of information security risk assessment ways. To ensure the security of computers and networks, to keep unauthorized persons away from the system, or to prevent them from entering the system and acquiring the information, firstly, comprehensive risk assessment is required for the whole system. RA deals with all aspects of information security [5]

Objectives

Methods

Results

Conclusion