Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment

摘要

The organizations utilizing the cloud computing services are required to select suitable Information Security Controls (ISCs) to maintain data security and privacy. Many organizations bought popular products or traditional tools to select ISCs. However, selecting the wrong information security control without keeping in view severity of the risk, budgetary constraints, measures cost, and implementation and mitigation time may lead to leakage of data and resultantly, organizations may lose their user's information, face financial implications, even reputation of the organization may be damaged. Therefore, the organizations should evaluate each control based on certain criteria like implementation time, mitigation time, exploitation time, risk, budgetary constraints, and previous effectiveness of the control under review. In this article, the authors utilized the methodologies of the Multi Criteria Decision Making (MCDM), Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to help the cloud organizations in the prioritization and selection of the best information security control. Furthermore, a numerical example is also given, depicting the step by step utilization of the method in cloud organizations for the prioritization of the information security controls.