IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v9y2021i9p1045-d549430.html
   My bibliography  Save this article

A Model for the Evaluation of Critical IT Systems Using Multicriteria Decision-Making with Elements for Risk Assessment

Author

Listed:
  • Davor Maček

    (Faculty of Organization and Informatics Varaždin, University of Zagreb, Pavlinska 2, 42000 Varaždin, Croatia)

  • Ivan Magdalenić

    (Faculty of Organization and Informatics Varaždin, University of Zagreb, Pavlinska 2, 42000 Varaždin, Croatia)

  • Nina Begičević Ređep

    (Faculty of Organization and Informatics Varaždin, University of Zagreb, Pavlinska 2, 42000 Varaždin, Croatia)

Abstract

One of the important objectives and concerns today is to find efficient means to manage the information security risks to which organizations are exposed. Due to a lack of necessary data and time and resource constraints, very often it is impossible to gather and process all of the required information about an IT system in order to properly assess it within an acceptable timeframe. That puts the organization into a state of increased security risk. One of the means to solve such complex problems is the use of multicriteria decision-making methods that have a strong mathematical foundation. This paper presents a hybrid multicriteria model for the evaluation of critical IT systems where the elements for risk analysis and assessment are used as evaluation criteria. The iterative steps of the design science research (DSR) methodology for development of a new multicriteria model for the objectives of evaluation, ranking, and selection of critical information systems are delineated. The main advantage of the new model is its use of generic criteria for risk assessment instead of redefining inherent criteria and calculating related weights for each individual IT system. That is why more efficient evaluation, ranking, and decision-making between several possible IT solutions can be expected. The proposed model was validated in a case study of online banking transaction systems and could be used as a generic model for the evaluation of critical IT systems.

Suggested Citation

  • Davor Maček & Ivan Magdalenić & Nina Begičević Ređep, 2021. "A Model for the Evaluation of Critical IT Systems Using Multicriteria Decision-Making with Elements for Risk Assessment," Mathematics, MDPI, vol. 9(9), pages 1-24, May.
    • Handle: RePEc:gam:jmathe:v:9:y:2021:i:9:p:1045-:d:549430
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/9/9/1045/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2227-7390/9/9/1045/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Kang Zhang & Liping Shao, 2015. "Research on the Quantitative Methods of Classified Information System Security Risk Assessment," Springer Books, in: Zhenji Zhang & Zuojun Max Shen & Juliang Zhang & Runtong Zhang (ed.), Liss 2014, edition 127, pages 571-575, Springer.
    2. Yanbing Ju & Aihua Wang & Tianhui You, 2015. "Emergency alternative evaluation and selection based on ANP, DEMATEL, and TL-TOPSIS," Natural Hazards: Journal of the International Society for the Prevention and Mitigation of Natural Hazards, Springer;International Society for the Prevention and Mitigation of Natural Hazards, vol. 75(2), pages 347-379, February.
    3. Michnik, Jerzy, 2013. "Weighted Influence Non-linear Gauge System (WINGS) – An analysis method for the systems of interrelated components," European Journal of Operational Research, Elsevier, vol. 228(3), pages 536-544.
    4. Nikola Kadoić & Nina Begičević Ređep & Blaženka Divjak, 2018. "A new method for strategic decision-making in higher education," Central European Journal of Operations Research, Springer;Slovak Society for Operations Research;Hungarian Operational Research Society;Czech Society for Operations Research;Österr. Gesellschaft für Operations Research (ÖGOR);Slovenian Society Informatika - Section for Operational Research;Croatian Operational Research Society, vol. 26(3), pages 611-628, September.
    5. Antoine Bouveret, 2018. "Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment," IMF Working Papers 2018/143, International Monetary Fund.
    6. Claudia Biancotti, 2017. "Cyber attacks: preliminary evidence from the Bank of Italy's business surveys," Questioni di Economia e Finanza (Occasional Papers) 373, Bank of Italy, Economic Research and International Relations Area.
    7. Nikola Kadoić & Blaženka Divjak & Nina Begičević Ređep, 2019. "Integrating the DEMATEL with the analytic network process for effective decision-making," Central European Journal of Operations Research, Springer;Slovak Society for Operations Research;Hungarian Operational Research Society;Czech Society for Operations Research;Österr. Gesellschaft für Operations Research (ÖGOR);Slovenian Society Informatika - Section for Operational Research;Croatian Operational Research Society, vol. 27(3), pages 653-678, September.
    8. Sheng-Li Si & Xiao-Yue You & Hu-Chen Liu & Ping Zhang, 2018. "DEMATEL Technique: A Systematic Review of the State-of-the-Art Literature on Methodologies and Applications," Mathematical Problems in Engineering, Hindawi, vol. 2018, pages 1-33, January.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Schulze-González, Erik & Pastor-Ferrando, Juan-Pascual & Aragonés-Beltrán, Pablo, 2023. "Clustering and reference value for assessing influence in analytic network process without pairwise comparison matrices: Study of 17 real cases," Operations Research Perspectives, Elsevier, vol. 10(C).
    2. Razika Malek & Qing Yang, 2023. "Analyzing Interrelationships and Prioritizing Performance Indicators in Global Product Development: Application in the Chinese Renewable Energy Sector," Sustainability, MDPI, vol. 15(14), pages 1-26, July.
    3. Erik Schulze-González & Juan-Pascual Pastor-Ferrando & Pablo Aragonés-Beltrán, 2021. "Testing a Recent DEMATEL-Based Proposal to Simplify the Use of ANP," Mathematics, MDPI, vol. 9(14), pages 1-23, July.
    4. Iñaki Aldasoro & Leonardo Gambacorta & Paolo Giudici & Thomas Leach, 2023. "Operational and Cyber Risks in the Financial Sector," International Journal of Central Banking, International Journal of Central Banking, vol. 19(5), pages 340-402, December.
    5. Priom Mahmud & Sanjoy Kumar Paul & Abdullahil Azeem & Priyabrata Chowdhury, 2021. "Evaluating Supply Chain Collaboration Barriers in Small- and Medium-Sized Enterprises," Sustainability, MDPI, vol. 13(13), pages 1-28, July.
    6. Botond Bertók & Tibor Csendes & Tibor Jordán, 2019. "Editorial," Central European Journal of Operations Research, Springer;Slovak Society for Operations Research;Hungarian Operational Research Society;Czech Society for Operations Research;Österr. Gesellschaft für Operations Research (ÖGOR);Slovenian Society Informatika - Section for Operational Research;Croatian Operational Research Society, vol. 27(2), pages 325-327, June.
    7. José Ramón Martínez Resano, 2022. "Digital resilience and financial stability. The quest for policy tools in the financial sector," Financial Stability Review, Banco de España, issue Autumn.
    8. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    9. Junling Zhang & Gajanan G. Hegde & Jennifer Shang & Xiaowen Qi, 2016. "Evaluating Emergency Response Solutions for Sustainable Community Development by Using Fuzzy Multi-Criteria Group Decision Making Approaches: IVDHF-TOPSIS and IVDHF-VIKOR," Sustainability, MDPI, vol. 8(4), pages 1-28, March.
    10. Amstad, Marlene, 2019. "Regulating Fintech: Objectives, Principles, and Practices," ADBI Working Papers 1016, Asian Development Bank Institute.
    11. Haidong Guo & Xingshan Gao & Qiangqiang Lin & Baosheng Gao, 2023. "Assessing the Degradation of Safety Management Performance in Large Construction Projects: An Investigation and Decision Model Based on Complex Network Modeling," Sustainability, MDPI, vol. 15(16), pages 1-26, August.
    12. Silvia Facchinetti & Paolo Giudici & Silvia Angela Osmetti, 2020. "Cyber risk measurement with ordinal data," Statistical Methods & Applications, Springer;Società Italiana di Statistica, vol. 29(1), pages 173-185, March.
    13. Rui Meng & Lirong Zhang & Hongkuan Zang & Shichao Jin, 2021. "Evaluation of Environmental and Economic Integrated Benefits of Photovoltaic Poverty Alleviation Technology in the Sanjiangyuan Region of Qinghai Province," Sustainability, MDPI, vol. 13(23), pages 1-19, November.
    14. Gul Shah Sabary & Lukáš Durda & Arif Ibne Asad & Aleksandr Kljuènikov, 2023. "Key motivational factors behind Asian immigrant entrepreneurship: A causal relationship analysis employing the DEMATEL approach for Germany," Equilibrium. Quarterly Journal of Economics and Economic Policy, Institute of Economic Research, vol. 18(1), pages 287-318, March.
    15. Chris Florackis & Christodoulos Louca & Roni Michaely & Michael Weber, 2023. "Cybersecurity Risk," The Review of Financial Studies, Society for Financial Studies, vol. 36(1), pages 351-407.
    16. Chang, Victor & Hahm, Nattareya & Xu, Qianwen Ariel & Vijayakumar, P. & Liu, Ling, 2024. "Towards data and analytics driven B2B-banking for green finance: A cross-selling use case study," Technological Forecasting and Social Change, Elsevier, vol. 206(C).
    17. Dan Wang & Liang Yan & Fangli Ruan, 2022. "A Combined IO-DEMATEL Analysis for Evaluating Sustainable Effects of the Sharing Related Industries Development," Sustainability, MDPI, vol. 14(9), pages 1-23, May.
    18. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    19. Salman Shooshtarian & Argaw Tarekegn Gurmu & Muhammad Nateque Mahmood, 2024. "Application of the DEMATEL approach to analyse the root causes of building defects," Quality & Quantity: International Journal of Methodology, Springer, vol. 58(5), pages 4641-4660, October.
    20. Isabela Caroline de Sousa & Tiago F. A. C. Sigahi & Izabela Simon Rampasso & Gustavo Hermínio Salati Marcondes de Moraes & Walter Leal Filho & João Henrique Paulino Pires Eustachio & Rosley Anholon, 2024. "A Delphi–Fuzzy Delphi Study on SDGs 9 and 12 after COVID-19: Case Study in Brazil," Forecasting, MDPI, vol. 6(3), pages 1-18, July.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:9:y:2021:i:9:p:1045-:d:549430. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.