Prioritizing Security Controls Using Multiple Criteria Decision Making Open Access
Downloadable ContentDownload PDF
Hundreds of thousands of home users are victimized by cyber-attacks every year. Many experts agree that average home users are not doing enough to protect their home computers from cyber-attacks. Improperly managed home computers can lead to individuals losing data, systems performing slowly, identity loss or theft, and ransom payments. En masse attacks can act in concert to infect personal computers in business and government. Home users currently receive conflicting guidance, often in the form of recommendations such as 'Top 10’ lists which are not appropriate for their specific needs. In many instances users ignore all guidance. Often, these ‘Top 10’ lists appear to be based solely on subjective opinion. Ultimately, the researchers asked themselves the following question: how can we provide home users with better guidance for determining and applying appropriate security controls that meet their needs and can be verified by the cyber security community? This praxis proposes a methodology for determining and prioritizing the most appropriate security controls for home computing. Using Multi Criteria Decision Making (MCDM) and subject matter expertise, this praxis identifies, analyzes and prioritizes security controls used by government and industry to determine which controls can substantively improve home computing security. This praxis will then apply our methodology using examples to demonstrate its benefits.