Adaptive Security Activities Selection Model Using Multi-Criteria Decision-Making Methods

Adaptive security activities are a list of recommended security activities to be integrated smoothly with the software development life cycle (SDLC) to produce a secure application software. Adaptive security activities are needed due to the emergence of factors and constraints which have been determined as one of the reasons for the underutilisation of security activities implementation, especially in the earlier phase of software development process. Security activities selection models were proposed to select and recommend security activities but the models were focused on certain factors or as a solution for specific constraints, and thus the recommended security activities were not adaptive. Consequently, an adaptive security activities selection (ASAS) model was proposed by combining the factors and constraints faced by the development team in selecting security activities. The model consisted of two integrated multi-criteria decisionmaking (MCDM) methods, namely Analytic Network Process (ANP) and Reference Ideal Method (RIM). ANP was used to prioritise and weight the criteria while RIM was used to measure and evaluate the security activities with the value of constraints in regard to each criterion. To validate the model a case study was performed on four inhouse web application development teams in the Malaysian public sector. The proposed model was able to recommend security activities in the requirement and design phase based on different constraints faced by each of the development teams. The model was adaptive due to its flexibility and ability to change and suit different evolved conditions when recommending the security activities

Referans İdeal Metodu ile Finansal Performans Analizi: BİST Sigorta Şirketleri Üzerinde Bir Uygulama

Finansal oranlara dayanan performans değerlendirmesi çalışmalarında Çok Kriterli Karar Verme (ÇKKV) yöntemleri kullanılmaktadır. Referans İdeal Metodu (RİM) yeni geliştirilmiş bir ÇKKV yöntemidir. Yöntemin diğer ÇKKV yöntemlerinden farkı kriterler için ideal aralık ya da nokta kullanıyor olmasıdır. Bazı finansal oranlar için tavsiye edilen ideal aralıklar vardır. Bu finansal oranlar kullanılarak yapılan performans değerlendirmesi çalışmaları RİM’i uygun bir yöntem haline getirmektedir. Bu nedenle bu çalışmada RİM kullanarak finansal oranlara dayanan performans değerlendirmesi yapılmış ve RİM’in bu alanda kullanılmasının uygunluğu incelenmiştir. Çalışmanın sonucunda RİM’in finansal oranlara dayalı performans değerlendirilmesinde uygun bir yöntem olduğu görülmüştür. Ancak karar vericiler ideal aralık belirlenirken dikkatli olmalıdır

Dealing with User Constraints in MCDM Based Web Service Selection

International audienc