Multicriteria analysis of the compliance for the improvement on information security
Date
2019
Rights
Attribution-NonCommercial 4.0 International
Published in
Journal of Information Systems and Technology Management - Jistem USP, Vol. 16, 2019
Publisher
Universidade de São Paulo, Faculdade de Economia, Administração e Contabilidade, Laboratório de Tecnologia e Sistemas de Informação
Keywords
Information security
Compliance
Security practices
Analytic hierarchy process
Decision support system
Abstract
Information security is a current issue in the protection of information assets. It involves significant variables of a strategic, organizational and IT governance nature, and it requires analyzing compliance with the international standards that regulate business actions. Accordingly, this work analyzes institutional compliance in order to improve information security, applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice was used as the Decision Support System, and it generated the priority ranking of the criteria and alternatives used in the decision process. The method was then applied in a medium-sized Brazilian industrial company. The results identify the independent critical analysis of information security as the main security practice.
Collections this item belongs to
- D25 Artículos [480]