{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,3]],"date-time":"2025-10-03T17:53:02Z","timestamp":1759513982169,"version":"3.41.2"},"reference-count":51,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2015,6,8]],"date-time":"2015-06-08T00:00:00Z","timestamp":1433721600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,6,8]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>\u2013 The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>\u2013 This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>\u2013 The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>\u2013 The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-04-2014-0026","type":"journal-article","created":{"date-parts":[[2015,5,22]],"date-time":"2015-05-22T08:10:47Z","timestamp":1432282247000},"page":"161-177","source":"Crossref","is-referenced-by-count":10,"title":["Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL"],"prefix":"10.1108","volume":"23","author":[{"given":"Li-Hsing","family":"Ho","sequence":"first","affiliation":[]},{"given":"Ming-Tsai","family":"Hsu","sequence":"additional","affiliation":[]},{"given":"Tieh-Min","family":"Yen","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020122302104724100_b1","doi-asserted-by":"crossref","unstructured":"Asai, T. and Fernando, S. (2011), \u201cHuman-related problems in information security in Thai cross-cultural environments\u201d, Contemporary Management Research , Vol. 7 No. 2, pp. 117-142.","DOI":"10.7903\/cmr.6191"},{"key":"key2020122302104724100_b2","doi-asserted-by":"crossref","unstructured":"Ashenden, D. (2008), \u201cInformation security management: a human challenge?\u201d, Information Security Technical Report , Vol. 13, pp. 195-201.","DOI":"10.1016\/j.istr.2008.10.006"},{"key":"key2020122302104724100_b3","doi-asserted-by":"crossref","unstructured":"Backhouse, J. , Hsu, C.W. and Silva, L. (2006), \u201cCircuits of power in creating de jure standards: shaping an international information systems security standard\u201d, MIS Quarterly , Vol. 30, pp. 413-438.","DOI":"10.2307\/25148767"},{"key":"key2020122302104724100_b4","doi-asserted-by":"crossref","unstructured":"Chang, B. , Chang, C.W. and Wu, C.H. (2011), \u201cFuzzy DEMATEL method for developing supplier selection criteria\u201d, Expert Systems with Applications , Vol. 38 No. 3, pp. 1850-1858.","DOI":"10.1016\/j.eswa.2010.07.114"},{"key":"key2020122302104724100_b5","doi-asserted-by":"crossref","unstructured":"Chang, S.E. and Lin, C.S. (2007), \u201cExploring organizational culture for information security management\u201d, Industrial Management & Data Systems , Vol. 107 No. 3, pp. 438-458.","DOI":"10.1108\/02635570710734316"},{"key":"key2020122302104724100_b6","doi-asserted-by":"crossref","unstructured":"Colwill, C. (2009), \u201cHuman factors in information security: the insider threat-Who can you trust these days?\u201d, Information Security Technical Report , Vol. 14, pp. 186-196.","DOI":"10.1016\/j.istr.2010.04.004"},{"key":"key2020122302104724100_b7","doi-asserted-by":"crossref","unstructured":"Fekri, R. and Aliahmadi, A. (2008), \u201cIdentifying the cause and effect factors of agile NPD process with fuzzy DEMATEL method: the case of Iranian companies\u201d, Journal of Intelligent Manufacturing , Vol. 20 No. 6, pp. 637-648.","DOI":"10.1007\/s10845-008-0153-x"},{"key":"key2020122302104724100_b8","unstructured":"Fontela, E. and Gabus, A. (1976), The DEMATEL observer, DEMATEL 1976 report\u2019 , Battelle Geneva Research Center, Geneva."},{"key":"key2020122302104724100_b9","unstructured":"Gabus, A. and Fontela, E. (1973), \u201cPerceptions of the world problematique: communication procedure, communicating with those bearing collective responsibility\u201d, DEMATEL Report No. 1, Battelle Geneva Research Center, Geneva."},{"key":"key2020122302104724100_b10","doi-asserted-by":"crossref","unstructured":"Gillies, A. (2011), \u201cImproving the quality of information security management systems with ISO 27000\u201d, The TQM Journal , Vol. 23 No. 4, pp. 367-376.","DOI":"10.1108\/17542731111139455"},{"key":"key2020122302104724100_b11","unstructured":"Hagen, J.M. , Albrechtsen, E. and Hovden, J. (2008), \u201cImplementation and effectiveness of organizational information security measures\u201d, Information Security Measures , Vol. 16 No. 4, pp. 377-397."},{"key":"key2020122302104724100_b12","unstructured":"Hajime, Y. , Kenichi, I. and Hajime, M. (2005), \u201cAn innovative product development process for resolving fundamental conflicts\u201d, Journal of the Japan Society for Precision Engineering , Vol. 71 No. 2, pp. 216-222."},{"key":"key2020122302104724100_b13","doi-asserted-by":"crossref","unstructured":"Ho, L.H. , Feng, S.Y. , Lee, Y.C. and Yen, T.M. (2012), \u201cUsing modified IPA to evaluate supplier\u2019s performance: multiple regression analysis and DEMATEL approach\u201d, Expert Systems with Applications , Vol. 39 No. 8, pp. 7102-7109.","DOI":"10.1016\/j.eswa.2012.01.034"},{"key":"key2020122302104724100_b14","doi-asserted-by":"crossref","unstructured":"Hsu, C.C. (2011), \u201cEvaluation criteria for blog design and analysis of causal relationships using factor analysis and DEMATEL\u201d, Expert Systems with Application , Vol. 39 No. 1, pp. 187-193.","DOI":"10.1016\/j.eswa.2011.07.006"},{"key":"key2020122302104724100_b15","doi-asserted-by":"crossref","unstructured":"Hu, H.Y. , Lee, Y.C. and Yen, T.M. (2009a), \u201cAmend importance-performance analysis method with Kano\u2019s model and DEMATEL\u201d, Journal of Applied Sciences , Vol. 9 No. 10, pp. 1833-1846.","DOI":"10.3923\/jas.2009.1833.1846"},{"key":"key2020122302104724100_b16","doi-asserted-by":"crossref","unstructured":"Hu, H.Y. , Lee, Y.C. , Yen, T.M. and Tsai, C.H. (2009b), \u201cUsing BPNN and DEMATEL to modify importance-performance analysis model-a study of computer industry\u201d, Expert Systems with Applications , Vol. 36, pp. 9969-9979.","DOI":"10.1016\/j.eswa.2009.01.062"},{"key":"key2020122302104724100_b17","doi-asserted-by":"crossref","unstructured":"Hu, H.Y. , Lee, Y.C. and Yen, T.M. (2010), \u201cService quality gaps analysis based on Fuzzy linguistic SERVQUAL with a case study in hospital out-patient services\u201d, The TQM Journal , Vol. 22 No. 5, pp. 499-515.","DOI":"10.1108\/17542731011072847"},{"key":"key2020122302104724100_b18","doi-asserted-by":"crossref","unstructured":"Hu, H.Y. , Chiu, S.I. , Cheng, C.C. and Yen, T.M. (2011), \u201cApplying the IPA and DEMATEL models to improve the order-winner criteria: a case study of Taiwan\u2019s network communication equipment manufacturing industry\u201d, Expert Systems with Applications , Vol. 38 No. 8, pp. 9674-9683.","DOI":"10.1016\/j.eswa.2011.01.147"},{"key":"key2020122302104724100_b19","doi-asserted-by":"crossref","unstructured":"Jassbi, J. , Mohamadnejad, F. and Nasrollahzadeh, H. (2011), \u201cA fuzzy DEMATEL framework for modeling cause and effect relationships of strategy map\u201d, Expert Systems with Applications , Vol. 38 No. 5, pp. 5967-5973.","DOI":"10.1016\/j.eswa.2010.11.026"},{"key":"key2020122302104724100_b20","doi-asserted-by":"crossref","unstructured":"Karabacak, B. and Sogukpinar, I. (2006), \u201cA quantitative method for ISO 17799 gap analysis\u201d, Computers & Security , Vol. 25 No. 6, pp. 413-419.","DOI":"10.1016\/j.cose.2006.05.001"},{"key":"key2020122302104724100_b21","doi-asserted-by":"crossref","unstructured":"Kenichi, F. and Yoshihiro, N. (2002), \u201cStudy on function and failure analysis of snow melting machines\u201d, Transactions of the Japan Society of Mechanical Engineers , Vol. 68, pp. 3447-3455.","DOI":"10.1299\/kikaic.68.3447"},{"key":"key2020122302104724100_b22","doi-asserted-by":"crossref","unstructured":"Kim, Y.H. (2006), \u201cStudy on impact mechanism for beef cattle farming and importance of evaluating agricultural information in Korea using DEMATEL, PCA and AHP\u201d, Agricultural Information Research , Vol. 15 No. 3, pp. 267-280.","DOI":"10.3173\/air.15.267"},{"key":"key2020122302104724100_b23","doi-asserted-by":"crossref","unstructured":"Kraemer, S. , Carayon, P. and Clem, J. (2009), \u201cHuman and organizational factors in computer and information security: pathways to vulnerabilities\u201d, Computer & Security , Vol. 28 No. 7, pp. 509-520.","DOI":"10.1016\/j.cose.2009.04.006"},{"key":"key2020122302104724100_b51","doi-asserted-by":"crossref","unstructured":"Laarhoven, P.J.M. van and Pedrycz, W. (1983), \u201cA fuzzy extension of Saaty\u2019s priority theory\u201d, Fuzzy Sets and Systems , Vol. 11 Nos 1\/3, pp. 199-227.","DOI":"10.1016\/S0165-0114(83)80082-7"},{"key":"key2020122302104724100_b24","doi-asserted-by":"crossref","unstructured":"Lee, Y.C. , Hu, H.Y. , Yen, T.M. and Tsai, C.H. (2008a), \u201cKano\u2019s model and decision making trial and evaluation laboratory applied to order winners and qualifiers improvement: a study of the computer industry\u201d, Information Technology Journal , Vol. 7 No. 5, pp. 702-714.","DOI":"10.3923\/itj.2008.702.714"},{"key":"key2020122302104724100_b25","doi-asserted-by":"crossref","unstructured":"Lee, Y.C. , Yen, T.M. and Tsai, C.H. (2008b), \u201cUsing importance-performance analysis and decision making trial and evaluation laboratory to enhance order-winner criteria: a study of computer industry\u201d, Information Technology Journal , Vol. 7 No. 3, pp. 396-408.","DOI":"10.3923\/itj.2008.396.408"},{"key":"key2020122302104724100_b26","doi-asserted-by":"crossref","unstructured":"Lee, Y.C. , Li, M.L. , Yen, T.M. and Huang, T.H. (2010), \u201cAnalysis of adopting an integrated decision making trial and evaluation laboratory on technology acceptance model\u201d, Expert Systems with Applications , Vol. 37 No. 2, pp. 1745-1754.","DOI":"10.1016\/j.eswa.2009.07.034"},{"key":"key2020122302104724100_b27","doi-asserted-by":"crossref","unstructured":"Lee, Y.C. , Li, M.L. , Yen, T.M. and Huang, T.H. (2011), \u201cAnalysis of fuzzy decision making trial and evaluation laboratory on technology acceptance model\u201d, Expert Systems with Applications , Vol. 38 No. 12, pp. 14407-14416.","DOI":"10.1016\/j.eswa.2011.04.088"},{"key":"key2020122302104724100_b28","doi-asserted-by":"crossref","unstructured":"Li, R.J. (1999), \u201cFuzzy method in group decision making\u201d, Computers and Mathematics with Applications , Vol. 38 No. 1, pp. 91-101.","DOI":"10.1016\/S0898-1221(99)00172-8"},{"key":"key2020122302104724100_b29","doi-asserted-by":"crossref","unstructured":"Lin, C.J. and Wu, W.W. (2008), \u201cA causal analytical method for group decision-making under fuzzy environment\u201d, Expert Systems with Applications , Vol. 34 No. 1, pp. 205-213.","DOI":"10.1016\/j.eswa.2006.08.012"},{"key":"key2020122302104724100_b30","doi-asserted-by":"crossref","unstructured":"Ma, Q. , Johnston, A.C. and Pearson, J.M. (2008), \u201cInformation security management objectives and practices: a parsimonious framework\u201d, Information Management & Computer Security , Vol. 16 No. 3, pp. 251-270.","DOI":"10.1108\/09685220810893207"},{"key":"key2020122302104724100_b31","doi-asserted-by":"crossref","unstructured":"Montesino, R. , Fenz, S. and Baluja, W. (2012), \u201cSIEM-based framework for security controls automation\u201d, Information Management & Computer Security , Vol. 20 No. 4, pp. 248-263.","DOI":"10.1108\/09685221211267639"},{"key":"key2020122302104724100_b32","unstructured":"Nanayo, F. and Toshiaki, T. (2002), \u201cA new method of paired comparison by improved DEMATEL method: application to the integrated evaluation of a medical information which has multiple factors\u201d, Japan Journal of Medical Informatics , Vol. 22 No. 2, pp. 211-216."},{"key":"key2020122302104724100_b33","doi-asserted-by":"crossref","unstructured":"Opricovic, S. and Tzeng, G.H. (2003), \u201cDefuzzification within a multicriteria decision model\u201d, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems , Vol. 11 No. 5, pp. 635-652.","DOI":"10.1142\/S0218488503002387"},{"key":"key2020122302104724100_b34","doi-asserted-by":"crossref","unstructured":"Ou Yang, Y.P. , Shieh, H.M. and Tzeng, G.H. (2011), \u201cA VIKOR technique based on DEMATEL and ANP for information security risk control assessment\u201d, Information Science , Vol. 232, pp. 482-500.","DOI":"10.1016\/j.ins.2011.09.012"},{"key":"key2020122302104724100_b35","doi-asserted-by":"crossref","unstructured":"Qi, L. , Qingling, D. , Wei, S. and Jine, Z. (2012), \u201cModeling of risk treatment measurement model under four clusters standards (ISO 9001, 14001, 27001, OHSAS 18001)\u201d, Procedia Engineering , Vol. 37, pp. 354-358.","DOI":"10.1016\/j.proeng.2012.04.252"},{"key":"key2020122302104724100_b36","unstructured":"Saint-Germain, R. (2005), \u201cInformation security management best practice based on ISO\/IEC 17799\u201d, Information Management Journal , Vol. 39 No. 4, pp. 60-66."},{"key":"key2020122302104724100_b37","doi-asserted-by":"crossref","unstructured":"Siponen, M.T. and Oinas-Kukkonen, H. (2007), \u201cA review of information security issues and respective research contributions\u201d, The Database for Advances in Information Systems , Vol. 38 No. 1, pp. 60-81.","DOI":"10.1145\/1216218.1216224"},{"key":"key2020122302104724100_b38","doi-asserted-by":"crossref","unstructured":"Stewart, G. and Lacey, D. (2012), \u201cDeath by a thousand facts criticizing the technocratic approach to information security awareness\u201d, Information Management & Computer Security , Vol. 20 No. 1, pp. 29-38.","DOI":"10.1108\/09685221211219182"},{"key":"key2020122302104724100_b39","doi-asserted-by":"crossref","unstructured":"Tamura, H. , Okanishi, H. and Akazawa, K. (2006), \u201cDecision support for extracting and dissolving consumers\u2019 uneasiness over foods using stochastic DEMATEL\u201d, Journal of Telecommunications and Information Technology , Vol. 4, pp. 91-95.","DOI":"10.26636\/jtit.2006.4.389"},{"key":"key2020122302104724100_b40","unstructured":"Treck, D. (2006), \u201cUsing systems dynamics for human resources management in information systems security\u201d, Kybernetes , Vol. 35 Nos 7\/8, pp. 1014-1023."},{"key":"key2020122302104724100_b41","doi-asserted-by":"crossref","unstructured":"Tseng, M.L. (2009), \u201cA cause-effect decision making model of service quality expectation using grey-fuzzy DEMATEL approach\u201d, Expert Systems with Applications , Vol. 36 No. 4, pp. 7738-7748.","DOI":"10.1016\/j.eswa.2008.09.011"},{"key":"key2020122302104724100_b42","doi-asserted-by":"crossref","unstructured":"Tsohou, A. , Kokolakis, S. , Lambrinoudakis, C. and Gritzalis, S. (2010), \u201cA security standard\u2019s framework to facilitate best practices\u2019 awareness and conformity\u201d, Information Management & Computer Security , Vol. 18 No. 5, pp. 350-365.","DOI":"10.1108\/09685221011095263"},{"key":"key2020122302104724100_b43","doi-asserted-by":"crossref","unstructured":"Tsohou, A. , Karyda, M. , Kokolakis, S. and Kiountouzis, E. (2012), \u201cAnalyzing trajectories of information security awareness\u201d, Information Technology & People , Vol. 25 No. 3, pp. 327-352.","DOI":"10.1108\/09593841211254358"},{"key":"key2020122302104724100_b44","doi-asserted-by":"crossref","unstructured":"Tzeng, G.H. , Chiang, C.H. and Li, C.W. (2007), \u201cEvaluating intertwined effects in e-learning programs: a novel hybrid MCDM model based on factor analysis and DEMATEL\u201d, Expert Systems with Applications , Vol. 32 No. 4, pp. 1028-1044.","DOI":"10.1016\/j.eswa.2006.02.004"},{"key":"key2020122302104724100_b45","doi-asserted-by":"crossref","unstructured":"Von Solms, B. (2006), \u201cInformation security-the fourth wave\u201d, Computers & Security , Vol. 25 No. 3, pp. 165-168.","DOI":"10.1016\/j.cose.2006.03.004"},{"key":"key2020122302104724100_b46","doi-asserted-by":"crossref","unstructured":"Wu, H.H. and Tsai, Y.N. (2011), \u201cA DEMATEL method to evaluate the causal relations among the criteria in auto spare parts industry\u201d, Applied Mathematics and Computation , Vol. 218 No. 5, pp. 2334-2342.","DOI":"10.1016\/j.amc.2011.07.055"},{"key":"key2020122302104724100_b47","doi-asserted-by":"crossref","unstructured":"Wu, W.W. (2012), \u201cSegmenting critical factors for successful knowledge management implementation using the fuzzy DEMATEL method\u201d, Applied Soft Computing , Vol. 12 No. 1, pp. 527-535.","DOI":"10.1016\/j.asoc.2011.08.008"},{"key":"key2020122302104724100_b48","doi-asserted-by":"crossref","unstructured":"Wu, W.W. and Lee, Y.T. (2007), \u201cDeveloping global managers\u2019 competencies using fuzzy DEMATEL method\u201d, Expert Systems with Applications , Vol. 32 No. 4, pp. 499-507.","DOI":"10.1016\/j.eswa.2005.12.005"},{"key":"key2020122302104724100_b49","doi-asserted-by":"crossref","unstructured":"Zadeh, L.A. (1965), \u201cFuzzy sets\u201d, Information and Control , Vol. 8, pp. 338-353.","DOI":"10.1016\/S0019-9958(65)90241-X"},{"key":"key2020122302104724100_b50","doi-asserted-by":"crossref","unstructured":"Zhou, Q. , Huang, W. and Zhang, Y. (2011), \u201cIdentifying critical success factors in emergency management using a fuzzy DEMATEL method\u201d, Safety Science , Vol. 49 No. 2, pp. 243-252.","DOI":"10.1016\/j.ssci.2010.08.005"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-04-2014-0026","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-04-2014-0026\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-04-2014-0026\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:49Z","timestamp":1753406569000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/2\/161-177\/119723"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,6,8]]},"references-count":51,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2015,6,8]]}},"alternative-id":["10.1108\/ICS-04-2014-0026"],"URL":"https:\/\/doi.org\/10.1108\/ics-04-2014-0026","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2015,6,8]]}}}