Printed from https://ideas.repec.org/a/gam/jmathe/v9y2021i9p1045-d549430.html

A Model for the Evaluation of Critical IT Systems Using Multicriteria Decision-Making with Elements for Risk Assessment

Author

Listed:
  • Davor Maček

    (Faculty of Organization and Informatics Varaždin, University of Zagreb, Pavlinska 2, 42000 Varaždin, Croatia)

  • Ivan Magdalenić

    (Faculty of Organization and Informatics Varaždin, University of Zagreb, Pavlinska 2, 42000 Varaždin, Croatia)

  • Nina Begičević Ređep

    (Faculty of Organization and Informatics Varaždin, University of Zagreb, Pavlinska 2, 42000 Varaždin, Croatia)

Abstract

One of the important objectives and concerns today is to find efficient means to manage the information security risks to which organizations are exposed. Due to a lack of necessary data and time and resource constraints, very often it is impossible to gather and process all of the required information about an IT system in order to properly assess it within an acceptable timeframe. That puts the organization into a state of increased security risk. One of the means to solve such complex problems is the use of multicriteria decision-making methods that have a strong mathematical foundation. This paper presents a hybrid multicriteria model for the evaluation of critical IT systems where the elements for risk analysis and assessment are used as evaluation criteria. The iterative steps of the design science research (DSR) methodology for development of a new multicriteria model for the objectives of evaluation, ranking, and selection of critical information systems are delineated. The main advantage of the new model is its use of generic criteria for risk assessment instead of redefining inherent criteria and calculating related weights for each individual IT system. That is why more efficient evaluation, ranking, and decision-making between several possible IT solutions can be expected. The proposed model was validated in a case study of online banking transaction systems and could be used as a generic model for the evaluation of critical IT systems.

Suggested Citation

  • Davor Maček & Ivan Magdalenić & Nina Begičević Ređep, 2021. "A Model for the Evaluation of Critical IT Systems Using Multicriteria Decision-Making with Elements for Risk Assessment," Mathematics, MDPI, vol. 9(9), pages 1-24, May.
  • Handle: RePEc:gam:jmathe:v:9:y:2021:i:9:p:1045-:d:549430

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/9/9/1045/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-7390/9/9/1045/
    Download Restriction: no


