A VIKOR-BASED MULTIPLE CRITERIA DECISION METHOD FOR IMPROVING INFORMATION SECURITY RISK

Abstract

Most multicriteria methods focus on ranking and selecting from a set of alternatives. These methods are usually used to compare all alternatives based on the synthesized scorings within a normalized scale with respect to the same criteria in multicriteria problems. However, the decision makers often simultaneously manage one or several alternatives/projects with conflicting and noncommensurable criteria to reduce the gaps to achieve the aspired grade in practice. They then need to rank the gaps that have not been reduced or improved (the unimproved gaps) for the alternatives/projects or aspects of a project to get the most benefit. Because these compared alternatives/projects do not usually have the same criteria/aspects, traditional methods are unsuitable to deal with them. Thus, this research proposes a new VIKOR method to solve this problem; this new method allows the decision maker to understand these gaps of the projects/aspects and rank them to improve these large gaps in control items to achieve the aspired level. Its concept originates in compromise solutions, in particular the VIKOR method. In addition, this research also provides an example of improving information security risk to demonstrate the suitability of this new method. The results show the effectiveness of the new method.