Multicriteria analysis of the compliance for the improvement on information security

Abstract: Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.

Otras publicaciones de la misma revista o congreso con autores/as de la Universidad de Cantabria

 Fuente: Journal of Information Systems and Technology Management - Jistem USP, Vol. 16, 2019

Editorial: Universidade de São Paulo, Faculdade de Economia, Administração e Contabilidade, Laboratório de Tecnologia e Sistemas de Informação

 Año de publicación: 2019

Nº de páginas: 19

Tipo de publicación: Artículo de Revista

ISSN: 1809-2640,1807-1775