Introduction

Literature review

Methodology

Case study: information security RA for corrugated cardboard sector

Conclusion

References

Abstract

Risk analysis (RA) contains several methodologies that object to ensure the protection and safety of occupational stakeholders. Multi attribute decision-making (MADM) is one of the most important RA methodologies that is applied to several areas from manufacturing to information technology.With the widespread use of computer networks and the Internet, information security has become very important. Information security is vital as institutions are mostly dependent on information, technology, and systems. This requires a comprehensive and effective implementation of information security RA. Analytic hierarchy process (AHP) and technique for order preference by similarity to ideal solution (TOPSIS) are commonly used MADM methods and recently used for RA. In this study, a new RA methodology is proposed based on AHP–TOPSIS integration extended with Pythagorean fuzzy sets. AHP strengthened by interval-valued Pythagorean fuzzy numbers is used to weigh risk parameters with expert judgment. Then, TOPSIS with Pythagorean fuzzy numbers is used to prioritize previously identified risks. A comparison of the proposed approach with three approaches (classical RA method, Pythagorean fuzzy VIKOR and Pythagorean fuzzy MOORA) is also provided. To illustrate the feasibility and practicality of the proposed approach, a case study for information security RA in corrugated cardboard sector is executed.

Introduction

Information is a tool that people use to communicate among themselves from the moment they start living together. The nature and type of information technology have changed dramatically over the past decade. Simple and single batch applications are transformed into distributed computing environments including multitasking real-time control, and distributed processing. It is at least as important as the information itself to determine that information is valuable or worthless, or to measure the value carried by it. The most general definition of information security is that our own information is not passed on to anyone else. It is a combination of three main elements called “privacy”, “integrity”, and “accessibility”. Information is protected from unauthorized access which is called privacy. Integrity defined as information that is not altered by unauthorized persons. Information is available when authorized people are needed. Information is reachable and available when authorized people are needed which is called accessibility. If any of these three basic security elements are damaged, a security weakness occurs. Information security RA is essential for any corporate organizational system. It is essential to ensure that controls and expenditures are in full compliance with the risks that the organization is experiencing or experienced before. Organizations’ heavy dependence on information systems necessitates managing risks related to them [1]. One of the most important aspects of information security is technical measures. Given better access control policy models, better tools for system assessment and assurance should be resolved, including better ways to detect cryptographic formal evidence, protocols, approved firewalls, intrusions and malicious codes [2].