Multi-level hesitant fuzzy based model for usable-security assessment

Abstract

Present day healthcare sector is frequently victimized by the intruders. Healthcare data industry has borne the brunt of the highest number of data breach episodes in the last few years. The key reason for this is attributed to the sensitiv-ity of healthcare data and the high costs entailed in trading the data over the dark web. Hence, usable-security evaluation of healthcare information systems is the need of hour so as to identify the vulnerabilities and provide preventive measures as a shield against the breaches. Usable-security assessment will help the software designers and developers to prioritize usable-security attributes according to the customers’ needs and bridge the security gap. This study, in particular, evaluates the usable-security of Health Information Software Systems (HISS) in design tactics perspective by using Multi Criteria Decision Making (MCDM) problem solving techniques. Hesitant fuzzy based Analytical Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal-Solutions (TOPSIS) methods have been applied to conduct the quantitative analysis of usable-security of software. Five attributes and 12 sub-attributes with 6 HISS alternatives of Indian hospitals have been considered in this work for usable-security assessment. To draw a priority list from the analysis, the results of the study show that the selected usable-security attributes attained the following ranking order: User-Error protection, Learnability, Data validation, Robustness, Revoke access, Intrusion detection, Authentication, Encryption, Limit access, Reliability, Efficiency, Audit trail respectively. Furthermore, HISS-1 alternative achieved the highest satisfac-tion degree followed by HISS-2 and HISS-4. HISS-6 got the lowest score in the context of providing ideal usable-security mechanism. The present research endeavour will be helpful for the software designers as the findings of the study will facilitate in developing secure and usable software products from the initial stages of the software development process itself.