A web-based multi-perspective decision support system for information security planning

With the increasing exposure and vulnerability to cyber attacks, it becomes necessary to develop methodologies and systems that are capable of dealing with the complex and multifaceted nature of decision situations encountered in security planning and management. In this paper we present the theoretical basis, architecture and design of a web-based multi-perspective decision support system (DSS) and an underlying decision multi-criteria decision framework that is consistent with security and decision theory. The system is illustrated through a multi-stakeholder scenario that captures the complexity encountered in a multi-criteria security control selection decision problem

Information Security Risk Management: In Which Security Solutions Is It Worth Investing?

As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk assessment, risk mitigation, and risk evaluation. Although a variety of approaches have been proposed, decision makers lack well-founded techniques that (1) show them what they are getting for their investment, (2) show them if their investment is efficient, and (3) do not demand in-depth knowledge of the IT security domain. This article defines a methodology for management decision makers that effectively addresses these problems. This work involves the conception, design, and implementation of the methodology into a software solution. The results from two qualitative case studies show the advantages of this methodology in comparison to established methodologies