Ranking Criteria of Enterprise Information Security Architecture Using Fuzzy Topsis

  • Jalayer F
  • Nabiollahi A

Abstract

Securing information against hacking, alteration, corruption, and disclosure is vital and unavoidable, and it requires effective management in every organization. Among the upcoming challenges are the study of the available frameworks for Enterprise Information Security Architecture (EISA) and the extraction of criteria in this field. In this study, a method was adopted to extract and categorize important and effective criteria in the field of information security by studying the major dimensions of EISA, including standards, policies and procedures, organization infrastructure, user awareness and training, security baselines, risk assessment and compliance. Gartner's framework was applied as the fundamental model for categorizing the criteria. To assess the proposed model, a questionnaire was prepared and completed by a group of EISA professionals. Fuzzy TOPSIS was used to quantify the data and prioritize the criteria. It was concluded that the database and database security criteria, inner software security, electronic exchange security and supervising malicious software can be high priorities.

Jalayer, F. S., & Nabiollahi, A. (2016). Ranking Criteria of Enterprise Information Security Architecture Using Fuzzy Topsis. International Journal of Computer Science and Information Technology, 8(5), 45–59. https://doi.org/10.5121/ijcsit.2016.8504
