• DocumentCode
    2130503
  • Title

    On Selecting Critical Security Controls

  • Author

    Breier, Jakub ; Hudec, Ladislav

  • Author_Institution
    Fac. of Inf. & Inf. Technol., Slovak Univ. of Technol., Bratislava, Slovenia
  • fYear
    2013
  • fDate
    2-6 Sept. 2013
  • Firstpage
    582
  • Lastpage
    588
  • Abstract
    Selection of proper security controls is an important part of building a secure information infrastructure in an organization. There exist many databases of security controls, but the final selection is left on security managers that have to make decisions based on their skills and experience. In this paper, we propose a novel approach, based on grey relational analysis combined with the TOPSIS decision making method, providing a quantitative technique for the security controls selection and prioritization. Our method can help security managers more effectively perform their decisions in this field.
  • Keywords
    database management systems; decision making; grey systems; security of data; TOPSIS decision making method; critical security controls; grey relational analysis; quantitative technique; secure information infrastructure; security control databases; security control prioritization; security control selection; security managers; Cost accounting; Decision making; Organizations; Risk analysis; Security; Standards organizations; TOPSIS; grey relational analysis; information security; risk analysis; security controls;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
  • Conference_Location
    Regensburg
  • Type

    conf

  • DOI
    10.1109/ARES.2013.77
  • Filename
    6657293