Authors: Theodoros Ntouskas; Nineta Polemi
Addresses: Informatics Department, University of Piraeus, Karaoli and Dimitriou str 80, 18534 Piraeus, Greece. ' Informatics Department, University of Piraeus, Karaoli and Dimitriou str 80, 18534 Piraeus, Greece
Abstract: Risk management (RM) is a necessary process in order to identify, categorise and handle security threats, vulnerabilities and risks of information and communication systems (ICS). Existing RM methodologies for the implementation of standards impose various barriers (e.g., limitation in knowledge gathering, time and resources consumption, and cost) which make them unable to meet the growing needs of the current distributed and complex ICS and their hosting critical data and services. Identifying these weaknesses, we treat RM as a multi-criteria problem and we propose a multi-criteria group decision making methodology STORM-RM for its solution combining the analytic hierarchy process (AHP) with security management standards (ISO27001 and AS/NZS 4360).
Keywords: risk management; STORM-RM; analytical hierarchy process; AHP; multicriteria decision making; MCDM; collaboration; methodology; group decision making; security management standards.
International Journal of Multicriteria Decision Making, 2012 Vol.2 No.2, pp.159 - 177
Published online: 22 May 2012 *Full-text access for editors Access for subscribers Purchase this article Comment on this article