A vikor-based multiple criteria decision method for improving information security risk

Yu Ping Ou Yang, How Ming Shieh, Jun Der Leu, Gwo Hshiung Tzeng

Research output: Contribution to journalArticlepeer-review

102 Scopus citations


Most multicriteria methods focus on ranking and selecting from a set of alternatives. These methods are usually used to compare all alternatives based on the synthesized scorings within a normalized scale with respect to the same criteria in multicriteria problems. However, the decision makers often simultaneously manage one or several alternatives/projects with conflicting and noncommensurable criteria to reduce the gaps to achieve the aspired grade in practice. They then need to rank the gaps that have not been reduced or improved (the unimproved gaps) for the alternatives/projects or aspects of a project to get the most benefit. Because these compared alternatives/projects do not usually have the same criteria/aspects, traditional methods are unsuitable to deal with them. Thus, this research proposes a new VIKOR method to solve this problem; this new method allows the decision maker to understand these gaps of the projects/aspects and rank them to improve these large gaps in control items to achieve the aspired level. Its concept originates in compromise solutions, in particular the VIKOR method. In addition, this research also provides an example of improving information security risk to demonstrate the suitability of this new method. The results show the effectiveness of the new method.

Original languageEnglish
Pages (from-to)267-287
Number of pages21
JournalInternational Journal of Information Technology and Decision Making
Issue number2
StatePublished - Jun 2009


  • Compromise solution
  • Information security management system (ISMS)
  • Multiple criteria decision making (MCDM)
  • Residual risk
  • Risk assessment


Dive into the research topics of 'A vikor-based multiple criteria decision method for improving information security risk'. Together they form a unique fingerprint.

Cite this