Abstract
This paper shows how the creation of a cyber risk plan can be supported by a constructivist multicriteria method. A case study applying Multicriteria Decision Aid Constructivist (MCDA-C) was carried out, with the controls of a cybersecurity framework as its reference. The study was conducted in a large Brazilian bank. Its relevance lies in demonstrating that multicriteria methods can be applied in the information security context, where their use is recommended to assist risk analysis. The methodology was both quantitative and qualitative: primary data were obtained through brainstorming sessions with decision-makers and forms answered by experts, and secondary data were obtained from the Framework for Improving Critical Infrastructure Cybersecurity created by NIST, the National Institute of Standards and Technology of the United States. The problem was structured according to the constructivist method, and the collected data were processed and calculated. The study concluded that the Security Continuous Monitoring category of controls stood out compared to the other categories. It also shows the value of the constructivist method for managing cyber risks, by unravelling a problem and providing a basis for decision making. Our work contributes to a better understanding of risk management and encourages the adoption of the constructivist method as a risk management best practice.
Summary
The role played by technology in the lives of individuals and companies has increased drastically in recent decades. Several tools can support the creation of such a risk plan, and International Organization for Standardization (ISO) 31.010:2012 has shown that multicriteria decision methods are applicable for identifying, analyzing, evaluating, and prioritizing risks. This standard presents multicriteria methods that produce an order of priorities by analyzing several criteria under evaluation. ISO 31.010:2012 also shows that, besides aiding decision making, multicriteria methods make the problem more manageable; in this way they reduce complexity and help in cost-benefit analysis. The Multicriteria Decision Aid Constructivist (MCDA-C) method was applied to the controls of the incident detection module of the NIST "Framework for Improving Critical Infrastructure Cybersecurity". This choice was made because of the corporation's need to review these controls within a more comprehensive process that addresses all risk management principles. This article is structured as follows: Section 2 lists some related work in cybersecurity using multicriteria methods; Section 3 presents the risk management process; Section 4 describes MCDA-C, the multicriteria method used in the paper; Section 5 presents the NIST Framework for Improving Critical Infrastructure Cybersecurity, used as the reference risk management model; Section 6 describes and explains the operation of MyMCDA-C, the software used to assist this project; Section 7 presents the research design; Section 8 discusses the results obtained; and Section 9 presents the conclusions and future work.
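The mechanism by which a multicriteria method turns several evaluated criteria into an order of priorities, shown here as an added Python example that is not the paper's data nor the MyMCDA-C software. It assumes the additive value model V(a) = Σ w_i · v_i(a), with each criterion's raw performance mapped onto a cardinal 0..100 scale anchored at a "neutral" level (0) and a "good" level (100), which is the shape of the MCDA-C aggregation. The three alternatives are the real NIST CSF v1.1 Detect categories; the criteria, anchors, weights and raw performances are constructed for the example and are not the bank's measurements.

```python
"""Additive multicriteria ranking of NIST CSF Detect (DE) categories.

Added illustration; assumes the additive model V(a) = sum_i w_i * v_i(a)
with local scales anchored at "neutral" (0) and "good" (100).  Criteria,
anchors, weights and raw scores are constructed, not the study's data.
"""
from dataclasses import dataclass

# NIST CSF v1.1 Detect function categories (real identifiers and names).
ALTERNATIVES = {
    "DE.AE": "Anomalies and Events",
    "DE.CM": "Security Continuous Monitoring",
    "DE.DP": "Detection Processes",
}


@dataclass(frozen=True)
class Criterion:
    name: str
    weight: float   # substitution rate; all weights must sum to 1
    neutral: float  # raw value that maps to a local score of 0
    good: float     # raw value that maps to a local score of 100


# Constructed criteria: coverage (% of assets under the control, higher is
# better), mttd_hours (mean time to detect, lower is better) and effort
# (analyst hours per month to operate the control, lower is better).
CRITERIA = [
    Criterion("coverage", 0.50, neutral=40.0, good=90.0),
    Criterion("mttd_hours", 0.30, neutral=72.0, good=4.0),
    Criterion("effort", 0.20, neutral=160.0, good=40.0),
]

# Constructed raw performance per category (hypothetical figures).
RAW = {
    "DE.AE": {"coverage": 55.0, "mttd_hours": 48.0, "effort": 100.0},
    "DE.CM": {"coverage": 80.0, "mttd_hours": 12.0, "effort": 120.0},
    "DE.DP": {"coverage": 65.0, "mttd_hours": 60.0, "effort": 60.0},
}


def local_value(c: Criterion, raw: float) -> float:
    """Linear interpolation between the anchors.  Values beyond the anchors
    extrapolate, so worse-than-neutral scores negative and better-than-good
    scores above 100, as a cardinal MCDA-C scale allows."""
    return 100.0 * (raw - c.neutral) / (c.good - c.neutral)


def global_value(alt: str, criteria=CRITERIA, raw=RAW) -> float:
    """Additive aggregation of the weighted local scores for one alternative."""
    if abs(sum(c.weight for c in criteria) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    return sum(c.weight * local_value(c, raw[alt][c.name]) for c in criteria)


def rank(criteria=CRITERIA, raw=RAW) -> list[tuple[str, float]]:
    """Order of priorities: alternatives sorted by global value, best first."""
    scores = [(a, round(global_value(a, criteria, raw), 1)) for a in raw]
    return sorted(scores, key=lambda t: t[1], reverse=True)


def reweight(criteria, pivot: str, new_weight: float):
    """Set `pivot` to new_weight and rescale the others so they still sum to 1."""
    rest = sum(c.weight for c in criteria if c.name != pivot)
    return [
        Criterion(c.name,
                  new_weight if c.name == pivot else c.weight * (1 - new_weight) / rest,
                  c.neutral, c.good)
        for c in criteria
    ]


def leader_flip_weight(pivot: str, step: float = 0.05, criteria=CRITERIA, raw=RAW):
    """Sensitivity analysis: raise the weight of `pivot` in `step` increments,
    rebalancing the other weights, and return the first weight at which the
    top-ranked alternative changes, or None if the leader never changes."""
    base_top = rank(criteria, raw)[0][0]
    w = next(c.weight for c in criteria if c.name == pivot) + step
    while w <= 1.0 + 1e-9:
        if rank(reweight(criteria, pivot, min(w, 1.0)), raw)[0][0] != base_top:
            return round(w, 2)
        w += step
    return None


if __name__ == "__main__":
    for alt, score in rank():
        print(f"{alt} {ALTERNATIVES[alt]:32s} {score:6.1f}")
    print("effort weight at which the leader changes:", leader_flip_weight("effort"))
    print("coverage weight at which the leader changes:", leader_flip_weight("coverage"))
```

The sensitivity step is what a practitioner wants before acting on such a ranking: with the constructed figures the leader holds until the operating-effort criterion is weighted around 0.5, and it never changes as the coverage weight rises, so the decision-makers can see which weight judgements the priority order actually depends on.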