Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL
Abstract
Purpose
The purpose of this paper is to analyze the cause-and-effect relationships and the level of mutual influence among information security control items, and to provide organizations with a method for analyzing them and making systematic decisions for improvement.
Design/methodology/approach
This study used fuzzy DEMATEL to analyze the cause-and-effect relationships and mutual influence among the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), as discussed by seven experts in Taiwan, in order to identify the core control items for developing improvement strategies.
Findings
The study found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This gives organizations a direction for developing improvement strategies and effectively managing their ISMS.
Originality/value
The value of this study is that it enables an organization to dedicate resources effectively to core control items, so that other control items are driven toward positive change. It does so by analyzing the cause-and-effect relationships and the level of mutual influence among information security control items through a cause-and-effect matrix and a systematic diagram.
Citation
Ho, L.-H., Hsu, M.-T. and Yen, T.-M. (2015), "Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL", Information and Computer Security, Vol. 23 No. 2, pp. 161-177. https://doi.org/10.1108/ICS-04-2014-0026
Publisher: Emerald Group Publishing Limited
Copyright © 2015, Emerald Group Publishing Limited