{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T06:47:56Z","timestamp":1777704476928,"version":"3.51.4"},"reference-count":43,"publisher":"SAGE Publications","issue":"5","license":[{"start":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T00:00:00Z","timestamp":1583452800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"published-print":{"date-parts":[[2020,5,29]]},"abstract":"<jats:p>The organizations utilizing the cloud computing services are required to select suitable Information Security Controls (ISCs) to maintain data security and privacy. Many organizations bought popular products or traditional tools to select ISCs. However, selecting the wrong information security control without keeping in view severity of the risk, budgetary constraints, measures cost, and implementation and mitigation time may lead to leakage of data and resultantly, organizations may lose their user\u2019s information, face financial implications, even reputation of the organization may be damaged. Therefore, the organizations should evaluate each control based on certain criteria like implementation time, mitigation time, exploitation time, risk, budgetary constraints, and previous effectiveness of the control under review. In this article, the authors utilized the methodologies of the Multi Criteria Decision Making (MCDM), Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to help the cloud organizations in the prioritization and selection of the best information security control. Furthermore, a numerical example is also given, depicting the step by step utilization of the method in cloud organizations for the prioritization of the information security controls.<\/jats:p>","DOI":"10.3233\/jifs-179692","type":"journal-article","created":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T10:49:38Z","timestamp":1583491778000},"page":"6075-6088","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":10,"title":["Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment"],"prefix":"10.1177","volume":"38","author":[{"given":"Muhammad Imran","family":"Tariq","sequence":"first","affiliation":[{"name":"Department of Computer Science, the Superior University, Lahore, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shahzadi","family":"Tayyaba","sequence":"additional","affiliation":[{"name":"Deparment of Computer Engineering, the University of Lahore, Lahore, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Natash","family":"Ali Mian","sequence":"additional","affiliation":[{"name":"School of Computer and Information Technology, Beaconhouse National University, Lahore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhammad Shahzad","family":"Sarfraz","sequence":"additional","affiliation":[{"name":"Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Chiniot-Faisalabad Campus, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emiro","family":"De-la-Hoz-Franco","sequence":"additional","affiliation":[{"name":"Universidad De La Costa, CUC, Colombia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shariq Aziz","family":"Butt","sequence":"additional","affiliation":[{"name":"Deparment of Computer Engineering, the University of Lahore, Lahore, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vito","family":"Santarcangelo","sequence":"additional","affiliation":[{"name":"iInformatica S.r.l.s. \u2013 Corso Italia 77 Trapani"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dana V.","family":"Rad","sequence":"additional","affiliation":[{"name":"Aurel Vlaicu University of Arad, Romania"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2020,3,6]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"crossref","unstructured":"BarabanovA. MarkovA. and TsirlovV. Information Security Controls against Cross-Site Request Forgery Attacks on Software Applications of Automated Systems in: IOP Publishing (2018) pp. 042034.","DOI":"10.1088\/1742-6596\/1015\/4\/042034"},{"key":"e_1_3_1_3_2","doi-asserted-by":"crossref","unstructured":"PricopE. MihalacheS.F. ParaschivN. FattahiJ. and ZamfirF. Considerations regarding security issues impact on systems availability in: 2016 8th International Conference on Electronics Computers and Artificial Intelligence (ECAI) IEEE (2016) pp. 1\u20136.","DOI":"10.1109\/ECAI.2016.7861110"},{"key":"e_1_3_1_4_2","doi-asserted-by":"crossref","unstructured":"PricopE. and MihalacheS.F. Assessing the security risks of a wireless sensor network from a gas compressor station in: IEEE (2014) pp. 45\u201350.","DOI":"10.1109\/ECAI.2014.7090209"},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.14257\/ijfgcn.2018.11.4.01"},{"key":"e_1_3_1_6_2","unstructured":"TariqM.I. TayyabaS. AshrafM.W. RasheedH. and KhanF. Analysis of NIST SP 800-53 Rev. 3 Controls Effectiveness for Cloud Computing in: 1st National Conference on Emerging Trends and Innovations in Computing & Technology Bahria University Karachi Karachi (2016) pp. 88\u201392."},{"key":"e_1_3_1_7_2","first-page":"209","article-title":"Towards information security metrics framework for cloud computing","volume":"1","author":"Tariq M.I.","year":"2012","unstructured":"TariqM.I., Towards information security metrics framework for cloud computing, International Journal of Cloud Computing and Services Science1 (2012), 209.","journal-title":"International Journal of Cloud Computing and Services Science"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10257-016-0306-y"},{"key":"e_1_3_1_9_2","article-title":"Risk Based NIST Effectiveness Analysis for Cloud Security","volume":"10","author":"Tariq M.I.","year":"2017","unstructured":"TariqM.I., TayyabaS., AshrafM.W. and RasheedH., Risk Based NIST Effectiveness Analysis for Cloud Security, Bahria University Journal of Information & Communication Technologies (BUJICT)10 (2017).","journal-title":"Bahria University Journal of Information & Communication Technologies (BUJICT)"},{"key":"e_1_3_1_10_2","doi-asserted-by":"crossref","unstructured":"TariqM.I. TayyabaS. RasheedH. and AshrafM.W. Factors influencing the Cloud Computing adoption in Higher Education Institutions of Punjab Pakistan in: IEEE (2017) pp. 179\u2013184.","DOI":"10.1109\/C-CODE.2017.7918925"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.accinf.2016.01.004"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2929169"},{"key":"e_1_3_1_13_2","article-title":"Agent Based Information Security Framework for Hybrid Cloud Computing","volume":"13","author":"Tariq M.I.","year":"2019","unstructured":"TariqM.I., Agent Based Information Security Framework for Hybrid Cloud Computing, KSII Transactions on Internet & Information Systems13 (2019).","journal-title":"KSII Transactions on Internet & Information Systems"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2018.12.002"},{"key":"e_1_3_1_15_2","doi-asserted-by":"crossref","unstructured":"TrivediA. JhaS. ChoudharyS. and ShandleyR. Fuzzy TOPSIS Multi-criteria Decision Making for Selection of Electric Molding Machine in: Innovations in Computer Science and Engineering Springer (2019) pp. 325\u2013332.","DOI":"10.1007\/978-981-10-8201-6_37"},{"key":"e_1_3_1_16_2","doi-asserted-by":"crossref","unstructured":"JavaidB. ArshadM.A. AhmadS. and KazmiS.A.A. Comparison of Different Multi Criteria Decision Analysis Techniques for Performance Evaluation of Loop Configured Micro Grid in: IEEE (2019) pp. 1\u20137.","DOI":"10.1109\/ICOMET.2019.8673536"},{"key":"e_1_3_1_17_2","doi-asserted-by":"crossref","unstructured":"SaatyT.L. What is the analytic hierarchy process? in: Mathematical Models for Decision Support Springer (1988) pp. 109\u2013121.","DOI":"10.1007\/978-3-642-83555-1_5"},{"key":"e_1_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1016\/0022-2496(77)90033-5"},{"key":"e_1_3_1_19_2","unstructured":"SaatyT.L. The analytical hierarchy process planning priority Resource Allocation. RWS Publications USA. (1980)."},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1504\/IJSSCI.2008.017590"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.3233\/IFS-120653"},{"key":"e_1_3_1_22_2","unstructured":"PandeyP. and LitoriyaR. Fuzzy AHP based identification model for efficient application development Journal of Intelligent & Fuzzy Systems (n.d.) 1\u201312."},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00170-004-2436-5"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.3233\/JIFS-161973"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2008.05.005"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2014.03.014"},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2015.02.035"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(00)87829-3"},{"key":"e_1_3_1_29_2","doi-asserted-by":"crossref","unstructured":"OteroA.R. TejayG. OteroL.D. and Ruiz-TorresA.J. A fuzzy logic-based information security control assessment for organizations in: IEEE (2012) pp. 1\u20136.","DOI":"10.1109\/ICOS.2012.6417640"},{"key":"e_1_3_1_30_2","unstructured":"EjniouiA. OteroA.R. TejayG. OteroC. and QureshiA. A Multi-attribute Evaluation of Information Security Controls in Organizations Using Grey Systems Theory in: The Steering Committee of The World Congress in Computer Science Computer . . . (2012) pp. 1."},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","unstructured":"BreierJ. and HudecL. On Selecting Critical Security Controls in: 2013 International Conference on Availability Reliability and Security IEEE Regensburg Germany (2013) pp. 582\u2013588. doi:10.1109\/ARES.2013.77","DOI":"10.1109\/ARES.2013.77"},{"key":"e_1_3_1_32_2","doi-asserted-by":"publisher","unstructured":"LvJ.J. ZhouY.S. and WangY.Z. A Multi-criteria Evaluation Method of Information Security Controls in: 2011 Fourth International Joint Conference on Computational Sciences and Optimization (2011) pp. 190\u2013194. doi:10.1109\/CSO.2011.43","DOI":"10.1109\/CSO.2011.43"},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.5121\/ijnsa.2010.2401"},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.5120\/15482-4222"},{"key":"e_1_3_1_35_2","unstructured":"OteroA.R. An Information Security Control Assessment Methodology for Organizations (2014) 176."},{"key":"e_1_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.accinf.2015.06.001"},{"key":"e_1_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.4018\/jdtis.2011070103"},{"key":"e_1_3_1_38_2","unstructured":"MuiyuroA.M. An Information technology controls evaluation prototype for financial institutions in Kenya (2017)."},{"key":"e_1_3_1_39_2","doi-asserted-by":"crossref","unstructured":"Llans\u00f3T. CIAM: A data-driven approach for selecting and prioritizing security controls in: IEEE (2012) pp. 1\u20138.","DOI":"10.1109\/SysCon.2012.6189500"},{"key":"e_1_3_1_40_2","doi-asserted-by":"publisher","DOI":"10.1080\/12460125.2018.1468177"},{"key":"e_1_3_1_41_2","unstructured":"WaxlerJ. Prioritizing Security Controls Using Multiple Criteria Decision Making for Home Users (2018)."},{"key":"e_1_3_1_42_2","unstructured":"ChooK.K. MubarakS. and ManiD. Selection of information security controls based on AHP and GRA in: Pacific Asia Conference on Information Systems 2014."},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2016.09.261"},{"key":"e_1_3_1_44_2","article-title":"The analytic hierarchy process McGraw-Hill,","volume":"324","author":"Saaty T.L.","year":"1980","unstructured":"SaatyT.L., The analytic hierarchy process McGraw-Hill,, New York324 (1980).","journal-title":"New York"}],"container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-179692","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JIFS-179692","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-179692","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:41:18Z","timestamp":1777455678000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JIFS-179692"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,6]]},"references-count":43,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,5,29]]}},"alternative-id":["10.3233\/JIFS-179692"],"URL":"https:\/\/doi.org\/10.3233\/jifs-179692","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,3,6]]}}}