{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T09:38:25Z","timestamp":1770284305431,"version":"3.49.0"},"reference-count":24,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2016,2,1]],"date-time":"2016-02-01T00:00:00Z","timestamp":1454284800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst E-Bus Manage"],"published-print":{"date-parts":[[2017,2]]},"DOI":"10.1007\/s10257-016-0306-y","type":"journal-article","created":{"date-parts":[[2016,2,1]],"date-time":"2016-02-01T19:30:05Z","timestamp":1454355005000},"page":"1-19","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["Ranking information security controls by using fuzzy analytic hierarchy process"],"prefix":"10.1007","volume":"15","author":[{"given":"Hamid","family":"Khajouei","sequence":"first","affiliation":[]},{"given":"Mehdi","family":"Kazemi","sequence":"additional","affiliation":[]},{"given":"Seyed Hamed","family":"Moosavirad","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,2,1]]},"reference":[{"key":"306_CR1","volume-title":"Managing information security risks: the OCTAVE (SM) approach","author":"Ch Alberts","year":"2002","unstructured":"Alberts Ch, Dorofee A (2002) Managing information security risks: the OCTAVE (SM) approach. Addison-Wesley Professional, Boston"},{"issue":"2","key":"306_CR2","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1016\/S0167-4048(00)87829-3","volume":"19","author":"L Barnard","year":"2000","unstructured":"Barnard L, Von Solms R (2000) A formalized approach to the effective selection and evaluation of information security next term controls. Comput Secur 19(2):185\u2013194. doi: 10.1016\/S0167-4048(00)87829-3","journal-title":"Comput Secur"},{"key":"306_CR3","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1016\/0377-2217(95)00300-2","volume":"95","author":"DY Chang","year":"1996","unstructured":"Chang DY (1996) Applications of extent analysis method on fuzzy AHP. Eur J Op Res 95:649\u2013655. doi: 10.1016\/0377-2217(95)00300-2","journal-title":"Eur J Op Res"},{"issue":"4","key":"306_CR4","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1080\/10580530701586136","volume":"24","author":"A Veiga Da","year":"2007","unstructured":"Da Veiga A, Eloff JHP (2007) An information security governance framework. Inf Syst Manag 24(4):361\u2013372. doi: 10.1080\/10580530701586136","journal-title":"Inf Syst Manag"},{"issue":"3","key":"306_CR5","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1111\/j.1365-2575.2006.00219.x","volume":"16","author":"G Dhillon","year":"2006","unstructured":"Dhillon G, Torkzadeh G (2006) Value-focused assessment of information system security in organizations. Inf Syst 16(3):293\u2013314. doi: 10.1111\/j.1365-2575.2006.00219.x","journal-title":"Inf Syst"},{"key":"306_CR6","unstructured":"Economic Abrar (2008) Europe Union secure organization calls for reform of data protection laws. Abrar economic, financial Abrar, pp 12\u201313"},{"key":"306_CR7","doi-asserted-by":"publisher","DOI":"10.1007\/s10257-015-0276-5","volume-title":"Components of a multi-perspective modeling method for designing and managing IT security systems","author":"A Goldstein","year":"2015","unstructured":"Goldstein A, Frank U (2015) Components of a multi-perspective modeling method for designing and managing IT security systems. DOI, Inf Syst E-Bus Manag. doi: 10.1007\/s10257-015-0276-5"},{"key":"306_CR8","doi-asserted-by":"crossref","unstructured":"Harmer G (2014) Governance of enterprise IT based on COBIT 5: a management guide. IT Governance Ltd","DOI":"10.2307\/j.ctt7zsxfv"},{"key":"306_CR9","unstructured":"Institute of Standards and Industrial Research of Iran (2007) Information technology\u2014security techniques\u2014management of information and communications technology security, part I, concepts and models for information and communications technology security management. Tehran, Iran"},{"key":"306_CR10","unstructured":"International Standard Organization (2005) ISO\/IEC17799\u2014information technology-security technics\u2014code of practice for information security management. Geneva"},{"key":"306_CR11","unstructured":"International Standard Organization (2005) ISO 27001-2005: information technology\u2014security techniques\u2014information security management systems\u2014requirements. Geneva"},{"key":"306_CR12","doi-asserted-by":"crossref","unstructured":"Killmeyer J (2006) Information security architecture: an integrated approach to security in the organization. Auerbach Publications","DOI":"10.1201\/9780203488751"},{"issue":"10","key":"306_CR13","doi-asserted-by":"publisher","first-page":"1631","DOI":"10.1016\/j.jss.2007.01.015","volume":"80","author":"S Kwon","year":"2007","unstructured":"Kwon S, Jang S, Lee J, Kim S (2007) Common defects in information security management system of Korean companies. J Syst Softw 80(10):1631\u20131638. doi: 10.1016\/j.jss.2007.01.015","journal-title":"J Syst Softw"},{"key":"306_CR14","unstructured":"Office of Government Commerce (2009) ITIL V3 foundation handbook. The Stationery Office"},{"issue":"4","key":"306_CR15","doi-asserted-by":"publisher","first-page":"34","DOI":"10.5121\/ijnsa.2010.2401","volume":"2","author":"AR Otero","year":"2010","unstructured":"Otero AR, Otero CE, Qureshi A (2010) A multi-criteria evaluation of information security controls using boolean features. Int J Netw Secur Appl 2(4):34\u201345. doi: 10.5121\/ijnsa.2010.2401","journal-title":"Int J Netw Secur Appl"},{"key":"306_CR16","volume-title":"Implementing the capability maturity model","author":"JR Persse","year":"2001","unstructured":"Persse JR (2001) Implementing the capability maturity model. Wiley, London"},{"key":"306_CR17","volume-title":"Mathematical models for decision support","author":"T Saaty","year":"1988","unstructured":"Saaty T (1988) Mathematical models for decision support. Springer, Berlin"},{"issue":"4","key":"306_CR18","first-page":"60","volume":"39","author":"R Saint-Germain","year":"2005","unstructured":"Saint-Germain R (2005) Information security management best practice based on ISO\/IEC 17799. Inf Manag J 39(4):60\u201366","journal-title":"Inf Manag J"},{"key":"306_CR19","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/s10257-003-0026-y","volume":"2","author":"J Scott","year":"2004","unstructured":"Scott J (2004) Measuring dimensions of perceived e-business risks. IseB 2:31\u201355. doi: 10.1007\/s10257-003-0026-y","journal-title":"IseB"},{"key":"306_CR20","first-page":"223","volume":"6","author":"R Shuai","year":"2006","unstructured":"Shuai R, De-jun M, Ling-bo Z (2006) Model of information security evaluation based on gray analytical hierarchy process. J Comput Appl 6:223\u2013236","journal-title":"J Comput Appl"},{"key":"306_CR21","unstructured":"Systems Groups (2011) Today\u2019s new technologies, tomorrow development tools. Retrieved 12 July, 2011, from http:\/\/www.sgnec.net\/pages\/services\/security\/isms.aspx"},{"issue":"3","key":"306_CR22","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1016\/S0167-4048(03)00311-0","volume":"22","author":"H Haar Van der","year":"2003","unstructured":"Van der Haar H, Von Solms R (2003) A model for deriving information security controls attributeprofiles. Comput Secur 22(3):233\u2013244. doi: 10.1016\/S0167-4048(03)00311-0","journal-title":"Comput Secur"},{"issue":"3","key":"306_CR23","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1016\/0378-7206(94)90038-8","volume":"26","author":"R Solms Von","year":"1994","unstructured":"Von Solms R, Van der Haar H, Von Solms SH, Caelli WJ (1994) A framework for information security evaluation. Inf Manag 26(3):143\u2013153. doi: 10.1016\/0378-7206(94)90038-8","journal-title":"Inf Manag"},{"key":"306_CR24","doi-asserted-by":"publisher","unstructured":"Zhou Y. S, Wang Y. Z (2011) A multi-criteria evaluation method of information security controls. Fourth international joint conference on computational science and optimization. doi: 10.1109\/CSO.2011.43","DOI":"10.1109\/CSO.2011.43"}],"container-title":["Information Systems and e-Business Management"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-016-0306-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10257-016-0306-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-016-0306-y","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-016-0306-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,14]],"date-time":"2024-06-14T02:56:24Z","timestamp":1718333784000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10257-016-0306-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,2,1]]},"references-count":24,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,2]]}},"alternative-id":["306"],"URL":"https:\/\/doi.org\/10.1007\/s10257-016-0306-y","relation":{},"ISSN":["1617-9846","1617-9854"],"issn-type":[{"value":"1617-9846","type":"print"},{"value":"1617-9854","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,2,1]]}}}