Applying Fuzzy AHP to Study the KSFs of Information Security Management

Abstract

The launch of the digital era has made information security management a most significant and critical issue. However, perfect information security management requires certain factors for complete success. This study aims to collect Key Success Factors (KSFs) for information security management through literature review and design of a questionnaire survey. This comprises four major aspects: (1) External dimension, (2) Internal dimension, (3) Technology dimension, and (4) Execution dimension. Based on these, we proceed with categorization and analysis using Fuzzy Analytic Hierarchy Process (Fuzzy AHP or FAHP), which was applied to this study to overcome the seeming failure of general Analytical Hierarchy Process (AHP) in dealing with respondents' impersonal differences in paired comparison. The ordered ranking of objectives under each aspect is: system, human resource, security function, organization, performance, operation, market, and legislation. The results sifted from the FAHP approach suggest five top key success factors: "Training Plan", "MIS Staffing", "System Structure", "Regulation", and "Maintain Service".