
2012 Journal of Computing Press, NY, USA, ISSN 2151-9617

http://sites.google.com/site/journalofcomputing/
Using Fuzzy Methodology to Mapping ITIL
Security KPIs to ISMS
Nasibeh Mohammadi, Nasser Modiri, Pantea Arya, Afshin Rezakhani

Abstract: Security management in the Information Technology Infrastructure Library (ITIL) has a number of Key Process Indicators (KPIs) that are unclear. In this paper, we propose a new framework for mapping ITIL security KPIs to the related KPIs in the Information Security Management System (ISMS). The mapping uses a fuzzy algorithm named fuzzy Analytic Hierarchy Process (fuzzy AHP). This algorithm obtains the priority of the ISMS KPIs that are related to the ITIL security management KPIs, which makes prioritization among the ISMS KPIs possible. The main advantage of this method is that it creates a collaborative platform between ITIL and ISMS KPIs. Another benefit of this methodology is improved security in enterprises that implement ITIL. With this approach, enterprise managers will be able to decide accurately which ISMS KPIs to apply in an ITIL implementation.
Index Terms: Fuzzy AHP, ISMS, ITIL, KPIs.

1. INTRODUCTION
Due to enhanced focus on the customer in the planning, development and delivery of information services, IT service management has become increasingly important. These days IT management is focusing particularly on the de facto standard ITIL (IT Infrastructure Library) for implementing IT service management [1].
Unfortunately, most enterprise managers think that they must bring the ISO 27000 standard (ISMS) into their organization to implement security indicators directly; they do not know that they can use ISMS KPIs alongside the ITIL framework, because ITIL has several KPIs in its security management scope. However, these KPIs are not clear and are described ambiguously. This article suggests a new methodology to persuade managers to apply ISMS KPIs in the ITIL implementation. Because enterprise managers have some limitations in understanding the meaning of each security KPI in ITIL, our method helps managers decide accurately and correctly how to map each ITIL security KPI to one or more KPIs in ISMS.
Little research has been done on creating a collaborative platform between ITIL and ISMS. For example, Jim Clinch considered ITIL KPIs and ISMS KPIs and mapped all ITIL KPIs to ISMS in general terms [2]. James Doss also considered approaches to integrating other frameworks and methodologies complementary to ITIL [3]. All of this research mapped ITIL KPIs to ISMS ambiguously and without any clarity in implementation.
We propose a new method based on a fuzzy decision algorithm that enables managers to decide accurately how to map each security KPI in ITIL to one or more KPIs in ISMS.
2. ITIL FRAMEWORK
ITIL (IT Infrastructure Library) provides a framework of Best
Practice guidance for IT Service Management and since its creation,
ITIL has grown to become the most widely accepted approach to IT
Service Management in the world.

Figure 1. ITIL Life Cycle[5]


Guide describes the key principles of IT Service Management and provides a high-level overview of each of the core publications within ITIL [4]:
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement

Department of Computer Engineering, Islamic Azad University, Arak Branch, Arak, Iran.
Department of Computer Engineering, Islamic Azad University, Zanjan Branch, Zanjan, Iran.
Department of Computer Engineering, Islamic Azad University, Tehran Center, Tehran, Iran.
Department of Computer Engineering, Ayatollah Boroujerdi University, Boroujerd, Iran.

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 3, MARCH 2012, ISSN 2151-9617
https://sites.google.com/site/journalofcomputing
WWW.JOURNALOFCOMPUTING.ORG 1

2.1 Service Strategy
The Service strategy volume provides guidance on how to
design, develop, and implement service management not
only as an organizational capability but also as a strategic
asset [6].
2.2 Service Design
The Service Design publication provides guidance for the
design and development of services and Service
Management processes [7].
2.3 Service Transition
The Service Transition publication provides guidance for the
development and improvement of capabilities for
transitioning new and changed services into operations [8].
2.4 Service Operation
This volume embodies practices in the management of
Service Operations. It includes guidance on achieving
effectiveness and efficiency in the delivery and support of
services so as to ensure value for the customer and the
service provider [9].
2.5 Continual Service Improvement
This volume provides instrumental guidance in creating and
maintaining value for customers through better design,
introduction and operation of services [10].
2.6. Information Security Management KPIs in ITIL
In this section we consider the security KPIs in ITIL. These KPIs are listed below [7]:

- The production, maintenance, distribution and enforcement of an Information Security Policy and supporting security policies
- Understanding the agreed current and future security requirements of the business and the existing Business Security Policy and plans
- Implementation of a set of security controls that support the Information Security Policy and manage risks associated with access to services, information and systems
- Documentation of all security controls, together with the operation and maintenance of the controls and their associated risks
- Management of suppliers and contracts regarding access to systems and services, in conjunction with Supplier Management
- Management of all security breaches and incidents associated with all systems and services
- The proactive improvement of security controls, and security risk management and the reduction of security risks
- Integration of security aspects within all other IT SM processes.

3. ISMS
ISO/IEC 27000:2009 provides an overview of information
security management systems, which form the subject of the
information security management system (ISMS) family of
standards, and defines related terms. As a result of
implementing ISO/IEC 27000:2009, all types of organization
(e.g. commercial enterprises, government agencies and non-
profit organizations) are expected to obtain [11]:

- An overview of the ISMS family of standards;
- An introduction to information security management systems (ISMS);
- A brief description of the Plan-Do-Check-Act (PDCA) process; and
- An understanding of terms and definitions in use throughout the ISMS family of standards.

The ISMS is divided into eleven general scopes, as below:

Table 1. ISMS Scope
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resource Security
- Physical & Environmental Security
- Communications & Operations Management
- Access Controls
- Information System Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance

4. FUZZY AHP
In decision-making problems, fuzzy set theory is of particular importance compared with classical set theory [12]. The theory of fuzzy decision making tries to model the ambiguity that exists in a decision-making problem. AHP was proposed by Saaty in 1980 [13]. It is a multi-criteria decision-making method for unstructured problems. It is an approach that uses a hierarchical model having levels of goal, criteria, possible sub-criteria, and alternatives. The AHP divides the decision problem into the following main steps [14]:
1. Problem structuring;
2. Assessment of local priorities;
3. Calculation of global priorities;
Generally, the fuzzy AHP is divided into four steps. These steps are shown in Figure 2.


Figure 2. Fuzzy AHP Requirements and Results


As can be seen in the above figure, the fuzzy AHP is divided into four steps. In step 1 a hierarchical structure is created for the problem. In step 2 we obtain the pairwise comparison matrices. In step 3 the relative weights of the elements are estimated; this step uses Chang's fuzzy extent analysis [15]. Finally, in the last step the relative weights are aggregated to give the priority of the alternatives. The subsections below consider these steps in detail.

4.1 The Explanation of Step 1
In this step, to better understand an AHP problem, it is first required to determine the different levels of the problem and to show graphically the relation between the components in each level and the upper level. The figure below shows the schema of the hierarchical structure of the problem in the first step of fuzzy AHP.

Figure 2. Hierarchical structure of Problems
As can be seen in the above figure, the hierarchical structure is divided into three levels. This diagram shows the graphical schema of the problem.
4.2 The Explanation of Step 2
In this step the pairwise comparison matrix is determined based on the judgment of the decision maker. This is done for each level of components toward the upper level, in separate matrices, as follows:
- Creating a pairwise comparison matrix for each alternative toward each criterion.
- Creating a pairwise comparison matrix for each criterion toward the goal.
Each element of the pairwise comparison matrix is denoted $a_{i,j}$, which determines the relative importance of element i toward element j. The values of $a_{i,j}$ are taken from the table below; these values are triangular fuzzy numbers.

Table 2. Similar fuzzy numbers with preference in the paired comparisons [16]
Statement              Triangular fuzzy number
Absolutely Stronger    (5/2, 3, 7/2)
Very Stronger          (2, 5/2, 3)
Stronger               (3/2, 2, 5/2)
Low                    (1, 3/2, 2)
Approximately Equal    (1/2, 1, 3/2)
Exactly Equal          (1, 1, 1)

All of the elements on the main diagonal of the pairwise comparison matrix are (1, 1, 1), and then

$$M_{ji} = (M_{ij})^{-1} = (l_{ij}, m_{ij}, u_{ij})^{-1} = \left(\frac{1}{u_{ij}}, \frac{1}{m_{ij}}, \frac{1}{l_{ij}}\right)$$

Two examples of pairwise comparison matrices are below:

Figure 3. An example of pairwise comparison matrix (Alternative toward Criteria)

Figure 4. An example of pairwise comparison matrix (Criteria toward goal)

4.3 The Explanation of Step 3
For applying the process, according to the method of Chang's extent analysis [15], each criterion is taken and extent analysis for each criterion, $g_i$, is performed respectively. Therefore, m extent analysis values for each criterion can be obtained by using the following notation.

$$M_{g_i}^{1}, M_{g_i}^{2}, M_{g_i}^{3}, \ldots, M_{g_i}^{m}$$

Here $g_i$ is the goal set ($i = 1, 2, 3, 4, 5, \ldots, n$) and all the $M_{g_i}^{j}$ ($j = 1, 2, 3, 4, 5, \ldots, m$) are Triangular Fuzzy Numbers (TFNs).
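The steps of Chang's analysis can be given as in the following:
Substep 1: The fuzzy synthetic extent value with respect to the i-th criterion is defined.

$$S_i = \sum_{j=1}^{m} M_{g_i}^{j} \otimes \left[\sum_{i=1}^{n}\sum_{j=1}^{m} M_{g_i}^{j}\right]^{-1}$$

And if $M_{g_i}^{j} = (l_{ij}, m_{ij}, u_{ij})$ then

$$\sum_{j=1}^{m} M_{g_i}^{j} = (l_{i1}, m_{i1}, u_{i1}) \oplus (l_{i2}, m_{i2}, u_{i2}) \oplus \cdots \oplus (l_{im}, m_{im}, u_{im}) = \left(\sum_{j=1}^{m} l_{ij}, \sum_{j=1}^{m} m_{ij}, \sum_{j=1}^{m} u_{ij}\right) = (l'_i, m'_i, u'_i)$$

$$\left[\sum_{i=1}^{n}\sum_{j=1}^{m} M_{g_i}^{j}\right]^{-1} = \left(\frac{1}{\sum_{i=1}^{n} u'_i}, \frac{1}{\sum_{i=1}^{n} m'_i}, \frac{1}{\sum_{i=1}^{n} l'_i}\right)$$

Therefore:

$$S_i = (l'_i, m'_i, u'_i) \otimes \left(\frac{1}{\sum_{i=1}^{n} u'_i}, \frac{1}{\sum_{i=1}^{n} m'_i}, \frac{1}{\sum_{i=1}^{n} l'_i}\right) = (l_i, m_i, u_i)$$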
Substep 2: The degree of conceivability of $S_i$ on $S_k$.
If $S_i = (l_i, m_i, u_i)$ and $S_k = (l_k, m_k, u_k)$ then the degree of priority of $S_i$ on $S_k$ is calculated as follows:

$$V(S_i \ge S_k) = \sup\left[\min\left(\mu_{S_i}(x), \mu_{S_k}(y)\right)\right]$$

which for triangular fuzzy numbers is as follows:

$$V(S_i \ge S_k) = \mu_{S_i}(d) = \begin{cases} 1 & \text{if } m_i \ge m_k \\ 0 & \text{if } l_k \ge u_i \\ \dfrac{l_k - u_i}{(m_i - u_i) - (m_k - l_k)} & \text{otherwise} \end{cases}$$

Figure 5. Intersection Point Between $S_k$ and $S_i$ [17]

As can be seen in Figure 5, d is the largest intersection point between $\mu_{S_k}$ and $\mu_{S_i}$.

Substep 3: The degree of conceivability for a convex fuzzy number to be greater than k convex fuzzy numbers $S_i$ ($i = 1, \ldots, k$) is defined as follows:

$$V(S \ge S_1, S_2, \ldots, S_k) = V\left((S \ge S_1), (S \ge S_2), \ldots, (S \ge S_k)\right) = \min V(S \ge S_i), \quad i = 1, \ldots, k$$

If $d'(A_i) = \min V(S_i \ge S_k)$ for $k = 1, 2, \ldots, n$, $k \ne i$, then the weight vector is given:

$$w' = \left(d'(A_1), d'(A_2), \ldots, d'(A_n)\right)$$

Substep 4: Via normalization of the $w'$ vector, the normalized weight vectors are given [17]:

$$W = \left(d(A_1), d(A_2), \ldots, d(A_n)\right)$$
4.4 The Explanation of Step 4
In the last step we must calculate the final weights of the alternatives, which are determined by the combination of weights. These weights were obtained in the previous step.
5. PROPOSED APPROACH
As explained in the ITIL framework and ISMS sections above, ITIL is a standard framework for managing IT services in enterprises. On the other hand, ISMS offers viewpoints on the security problems in enterprises. Unfortunately, some managers think that implementing ISMS in their enterprises is sufficient without an ITIL implementation. While ISMS only offers viewpoints, we can use ISMS KPIs in the implementation of ITIL security KPIs. These two standards together can be sufficient and help management implement all IT services in the enterprise.
We propose to determine the ISMS KPIs that are equivalent to each ITIL security KPI and to place them in different categories based on each ITIL security KPI. Each category is entered into the fuzzy AHP technique as alternatives. Then, the preference values of the alternatives and of the effective factors (criteria) are determined from the managers' viewpoints and the fuzzy table. Finally, the KPIs in each category are ranked. These priorities must be calculated for each category. We explain the suggested methodology in the sections below. Section 5.1 considers the selection of ISMS KPIs. In section 5.2.1 the hierarchical structure is created. In section 5.2.2 the pairwise comparison matrix is calculated. In section 5.2.3 the relative weights of the criteria and alternatives are calculated, and finally in the last section the priority of the ISMS KPIs for each ITIL security KPI is estimated.
5.1. The Selection of ISMS KPIs
In this section, we consider the ISMS KPIs that are equivalent to each ITIL security KPI. However, the full set of related KPIs is large, so we identify a number of these dependencies for one ITIL security KPI. Table 3 shows an example of this mapping.

Table 3. An Example of Mapping ITIL KPI to ISMS KPIs
ITIL KPI: The production, maintenance, distribution and enforcement of an Information Security Policy and supporting security policies
ISMS KPIs [18]:
1. Establish a comprehensive information security policy.
2. Make sure that your information security policy provides clear direction for your information security program.
3. Make sure that your information security policy shows that your management is committed to information security.
4. Make sure that your management supports your organization's information security policy.

5.2. Use of Fuzzy AHP
The fuzzy AHP process is explained in the subsections below:

5.2.1. Creating Hierarchical Structure
After finding the ISMS KPIs in the last section, we must create a hierarchical structure for each category. The goal level is the priority of ISMS KPIs in each category. The criteria level is filled with the factors that affect the ISMS KPIs in each category. Finally, the alternatives are the ISMS KPIs obtained in the above section. The effective factors are obtained by interviewing managers.
Now, we consider a real example. Because there are many ISMS KPIs in each category, we assume the mapping below, and we create the hierarchical structure for these KPIs in one category only.
Table 4. A sample real Example of Mapping ITIL KPI to ISMS in a category
ITIL Security KPI: ITIL_KPI (The production, maintenance, distribution and enforcement of an Information Security Policy and supporting security policies)
ISMS KPIs [18]:
KPI_1 (Establish a comprehensive information security policy)
KPI_2 (Make sure that your information security policy provides clear direction for your information security program)
KPI_3 (Make sure that your information security policy shows that your management is committed to information security)

Figure 7 shows the hierarchical structure for the above KPIs. For clear explanation, we use the abbreviated form of the above KPIs.

Figure 6. Creating Hierarchical Structure
5.2.2. Creating Pairwise Comparison Matrix
For this step, we must create four matrices, which are shown in the figures below. The matrix values are determined from Table 2 and interviews with managers.

Matrix 1: The KPIs Pairwise Comparison Matrix according to Cost
Matrix 2: The KPIs Pairwise Comparison Matrix according to Stability
Matrix 3: The KPIs Pairwise Comparison Matrix according to Risk Management
Matrix 4: The Criteria Pairwise Comparison Matrix according to goal
Figure 7. The Matrix of Pairwise Comparison (Alternatives and Criteria)

5.2.3. Calculating the Relative Weight of Criteria and Alternatives
We must obtain the relative weights by Chang's method. Because the calculations are lengthy, we show the relative weights of KPI_1, KPI_2 and KPI_3 with respect to the cost criterion in full; the other weights are calculated in the same way.
Relative Weights of Matrix 1:

$$\sum_{j=1}^{3} M_{g_1}^{j} = (1, 1, 1) \oplus (1/5, 2, 2/5) \oplus (2, 5/2, 3) = (3.2, 5.5, 4.4)$$

$$\sum_{j=1}^{3} M_{g_2}^{j} = (5/2, 1/2, 5) \oplus (1, 1, 1) \oplus (1/2, 1, 3/2) = (4, 2.5, 7.5)$$

$$\sum_{j=1}^{3} M_{g_3}^{j} = (1/3, 2/5, 1/2) \oplus (2/3, 1, 2) \oplus (1, 1, 1) = (1.9, 2.4, 3.5)$$

$$\sum_{i=1}^{3}\sum_{j=1}^{3} M_{g_i}^{j} = (3.2, 5.5, 4.4) \oplus (4, 2.5, 7.5) \oplus (1.9, 2.4, 3.5) = (9.1, 10.4, 15.4)$$

$$\left(\sum_{i=1}^{3}\sum_{j=1}^{3} M_{g_i}^{j}\right)^{-1} = \left(\frac{1}{15.4}, \frac{1}{10.4}, \frac{1}{9.1}\right) = (0.065, 0.096, 0.110)$$

The relative weight of KPI_1 according to cost (S1) = (0.208, 0.528, 0.484)
The relative weight of KPI_2 according to cost (S2) = (0.26, 0.24, 0.825)
The relative weight of KPI_3 according to cost (S3) = (0.123, 0.230, 0.385)

Relative Weights of Matrix 2:
The relative weight of KPI_1 according to stability (S1) = (0.172, 0.327, 0.596)
The relative weight of KPI_2 according to stability (S2) = (0.223, 0.381, 0.745)
The relative weight of KPI_3 according to stability (S3) = (0.180, 0.283, 0.372)

Relative Weights of Matrix 3:
The relative weight of KPI_1 according to risk management (S1) = (0.342, 0.528, 0.572)
The relative weight of KPI_2 according to risk management (S2) = (0.144, 0.24, 0.272)
The relative weight of KPI_3 according to risk management (S3) = (0.144, 0.230, 0.308)

Relative Weights of Matrix 4:
The relative weight of the cost criterion toward goal (S1) = (0.342, 0.528, 0.078)
The relative weight of the stability criterion according to goal (S2) = (0.136, 0.230, 0.360)
The relative weight of the risk management criterion according to goal (S3) = (0.152, 0.240, 0.432)

5.2.4. Calculating the conceivability degree
According to the formulas that were explained in section 4.4, the conceivability degrees of the matrices are as follows:

The conceivability degree of Matrix 1:
$V(S_1 \ge S_2) = 1$
$V(S_2 \ge S_1) = \dfrac{0.208 - 0.825}{(0.240 - 0.825) - (0.528 - 0.208)} = 0.352$
$V(S_1 \ge S_3) = 1$, $V(S_3 \ge S_1) = 0.652$
$V(S_2 \ge S_3) = 1$, $V(S_3 \ge S_2) = 0.925$

The conceivability degree of Matrix 2:
$V(S_1 \ge S_2) = 0.873$, $V(S_2 \ge S_1) = 1$, $V(S_1 \ge S_3) = 1$
$V(S_3 \ge S_1) = 0.819$, $V(S_2 \ge S_3) = 1$, $V(S_3 \ge S_2) = 0.603$

The conceivability degree of Matrix 3:
$V(S_1 \ge S_2) = 1$, $V(S_2 \ge S_1) = 1$, $V(S_1 \ge S_3) = 1$
$V(S_3 \ge S_1) = 1$, $V(S_2 \ge S_3) = 1$, $V(S_3 \ge S_2) = 0.942$

The conceivability degree of Matrix 4:
$V(S_1 \ge S_2) = 1$, $V(S_2 \ge S_1) = 0.056$, $V(S_1 \ge S_3) = 1$
$V(S_3 \ge S_1) = 0.238$, $V(S_2 \ge S_3) = 0.954$, $V(S_3 \ge S_2) = 1$

5.2.5. Calculating the conceivability degree for convex fuzzy numbers

The conceivability degree for convex fuzzy numbers in Matrix 1:
$V(S_1 \ge S_2, S_3) = \min(V(S_1 \ge S_2), V(S_1 \ge S_3)) = \min(1, 1) = 1$
$V(S_2 \ge S_1, S_3) = \min(V(S_2 \ge S_1), V(S_2 \ge S_3)) = \min(0.352, 1) = 0.352$
$V(S_3 \ge S_1, S_2) = \min(V(S_3 \ge S_1), V(S_3 \ge S_2)) = \min(0.652, 0.925) = 0.652$
Then, $w'$ is calculated from the three lines above.
So, $w' = (1, 0.352, 0.652)$

The conceivability degree for convex fuzzy numbers in Matrix 2:
$V(S_1 \ge S_2, S_3) = \min(V(S_1 \ge S_2), V(S_1 \ge S_3)) = \min(0.873, 1) = 0.873$
$V(S_2 \ge S_1, S_3) = \min(V(S_2 \ge S_1), V(S_2 \ge S_3)) = \min(1, 1) = 1$
$V(S_3 \ge S_1, S_2) = \min(V(S_3 \ge S_1), V(S_3 \ge S_2)) = \min(0.819, 0.603) = 0.603$
So, $w' = (0.873, 1, 0.603)$

The conceivability degree for convex fuzzy numbers in Matrix 3:
$V(S_1 \ge S_2, S_3) = \min(V(S_1 \ge S_2), V(S_1 \ge S_3)) = \min(1, 1) = 1$
$V(S_2 \ge S_1, S_3) = \min(V(S_2 \ge S_1), V(S_2 \ge S_3)) = \min(1, 1) = 1$
$V(S_3 \ge S_1, S_2) = \min(V(S_3 \ge S_1), V(S_3 \ge S_2)) = \min(1, 0.942) = 0.942$
So, $w' = (1, 1, 0.942)$

The conceivability degree for convex fuzzy numbers in Matrix 4:
$V(S_1 \ge S_2, S_3) = \min(V(S_1 \ge S_2), V(S_1 \ge S_3)) = \min(1, 1) = 1$
$V(S_2 \ge S_1, S_3) = \min(V(S_2 \ge S_1), V(S_2 \ge S_3)) = \min(0.056, 0.954) = 0.056$
$V(S_3 \ge S_1, S_2) = \min(V(S_3 \ge S_1), V(S_3 \ge S_2)) = \min(0.238, 1) = 0.238$
So, $w' = (1, 0.056, 0.238)$

5.2.6. The Normalization of the w' Vector
If the weight vector $w'$ is defined as below:

$$w' = \left(d'(A_1), d'(A_2), d'(A_3), \ldots, d'(A_n)\right), \quad d'(A_i) = \min V(S_i \ge S_k), \quad k = 1, \ldots, n, \ k \ne i$$

Then, the normalized vector W is calculated from the formula below [19]:

$$W = \left(d(A_1), d(A_2), \ldots, d(A_n)\right), \quad d(A_i) = \frac{d'(A_i)}{\sum_{i=1}^{k} d'(A_i)}$$

Normalization of the w' vector for Matrix 1:
$w' = (1, 0.352, 0.652)$
$d(A_1) = \dfrac{1}{1 + 0.352 + 0.652} = 0.499$
$d(A_2) = \dfrac{0.352}{1 + 0.352 + 0.652} = 0.175$
$d(A_3) = \dfrac{0.652}{1 + 0.352 + 0.652} = 0.325$
Then, the normalized vector W is obtained from the lines above.
So, W = (0.499, 0.175, 0.325)

Normalization of the w' vector for Matrix 2:
W = (0.352, 0.403, 0.243)

Normalization of the w' vector for Matrix 3:
W = (0.339, 0.339, 0.320)

Normalization of the w' vector for Matrix 4:
W = (0.556, 0.031, 0.132)

5.2.7. Calculate the final weight of KPIs
Finally, the weights calculated in the above sections are shown in the hierarchical structure.

Figure 8. Showing the weights in hierarchical structure

The final KPI weights are obtained by combining the weights that were shown in figure 9. So, the final weights of the KPIs are:

The final weight of KPI_1 is:
(0.499*0.556)+(0.352*0.031)+(0.339*0.132)=0.331

The final weight of KPI_2 is:
(0.175*0.556)+(0.403*0.031)+(0.339*0.132)=0.153

The final weight of KPI_3 is:
(0.325*0.556)+(0.243*0.031)+(0.320*0.132)=0.229
Thus, the priority of the ISMS KPIs is as below:

KPI_1 > KPI_3 > KPI_2
As can be seen, our methodology is able to prioritize the ISMS KPIs that are needed to implement ITIL security KPIs according to the judgment of managers. The priority determined above shows that KPI_1 has higher priority than KPI_3 in implementation in the enterprise, and that KPI_3 has higher priority than KPI_2. So, the manager is able to select the more important KPIs and implement them.
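The four fuzzy AHP steps of Section 4, applied the way Section 5.2 applies them, as an added Python example that is not code from the paper. The judgments in COST, STABILITY and CRITERIA are constructed from the Table 2 scale for illustration (the paper's Matrix 1 to Matrix 4 appear only as figures), and all function names are assumptions of this example.

```python
from fractions import Fraction as F

# Table 2 linguistic scale -> triangular fuzzy number (l, m, u)
SCALE = {
    "absolutely_stronger": (F(5, 2), F(3), F(7, 2)),
    "very_stronger":       (F(2), F(5, 2), F(3)),
    "stronger":            (F(3, 2), F(2), F(5, 2)),
    "low":                 (F(1), F(3, 2), F(2)),
    "approximately_equal": (F(1, 2), F(1), F(3, 2)),
    "exactly_equal":       (F(1), F(1), F(1)),
}


def build_matrix(n, judgments):
    """Step 2: judgments maps (i, j), i < j, to a Table 2 statement.
    The diagonal is (1,1,1); entry (j, i) is the reciprocal (1/u, 1/m, 1/l)."""
    one = SCALE["exactly_equal"]
    matrix = [[one] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            l, m, u = SCALE[judgments[(i, j)]]  # KeyError: missing pair or unknown statement
            matrix[i][j] = (l, m, u)
            matrix[j][i] = (1 / u, 1 / m, 1 / l)
    return matrix


def synthetic_extents(matrix):
    """Substep 1: S_i = (sum of row i) (x) (sum of all entries)^-1."""
    rows = [tuple(sum(t[c] for t in row) for c in range(3)) for row in matrix]
    tot_l, tot_m, tot_u = (sum(r[c] for r in rows) for c in range(3))
    return [(l / tot_u, m / tot_m, u / tot_l) for l, m, u in rows]


def possibility(s_i, s_k):
    """Substep 2: V(S_i >= S_k) for triangular fuzzy numbers."""
    l_i, m_i, u_i = s_i
    l_k, m_k, _u_k = s_k
    if m_i >= m_k:
        return F(1)
    if l_k >= u_i:
        return F(0)  # the two triangles do not overlap
    return (l_k - u_i) / ((m_i - u_i) - (m_k - l_k))


def chang_weights(matrix):
    """Substeps 3 and 4: d'(A_i) = min over k != i of V(S_i >= S_k), then normalize.
    The row with the largest m always gets d' = 1, so the sum is never zero."""
    s = synthetic_extents(matrix)
    n = len(s)
    d = [min(possibility(s[i], s[k]) for k in range(n) if k != i) for i in range(n)]
    return [x / sum(d) for x in d]


def final_weights(alt_matrices, crit_matrix):
    """Step 4: final weight of an alternative = sum over criteria of
    (its weight under the criterion) * (the criterion's weight)."""
    crit_w = chang_weights(crit_matrix)
    alt_w = [chang_weights(m) for m in alt_matrices]
    if len(alt_w) != len(crit_w):
        raise ValueError("need one alternatives matrix per criterion")
    return [sum(aw[a] * cw for aw, cw in zip(alt_w, crit_w))
            for a in range(len(alt_w[0]))]


# Constructed judgments for three ISMS KPIs under two criteria (not the paper's data).
COST = build_matrix(3, {(0, 1): "stronger", (0, 2): "very_stronger", (1, 2): "low"})
STABILITY = build_matrix(3, {(0, 1): "exactly_equal", (0, 2): "exactly_equal",
                             (1, 2): "exactly_equal"})
CRITERIA = build_matrix(2, {(0, 1): "exactly_equal"})

if __name__ == "__main__":
    final = final_weights([COST, STABILITY], CRITERIA)
    ranked = sorted(zip(["KPI_1", "KPI_2", "KPI_3"], final), key=lambda p: -p[1])
    for name, weight in ranked:
        print(f"{name}: {float(weight):.3f}")
```

With these constructed judgments KPI_3 receives weight 0 under the cost criterion, because its synthetic extent does not overlap that of KPI_1. Extent analysis can zero out an alternative in this way, which is worth checking before a KPI is dropped from an implementation plan.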
5.3. The Advantage of Proposed Approach
We now consider the advantages of the suggested methodology. The main advantages of the proposed approach are as below:
- Creating a collaborative platform between ITIL and ISMS.
- Establishing better information security by implementing ISMS in ITIL.
- Managers can decide better in implementing the information security scope in the enterprise.
- Creating clear views of ITIL security KPIs.
- The ability to rate ISMS KPIs with quantitative values.
6. CONCLUSION
In this paper, we proposed a new methodology to create a new framework for mapping ITIL security KPIs to the related KPIs in the Information Security Management System (ISMS). We applied a fuzzy algorithm to obtain the priority of the ISMS KPIs that are related to the ITIL security management KPIs. The advantage of this method is that it creates a collaborative platform between ITIL and ISMS KPIs and improves security in enterprises that implement ITIL. With this approach, managers are able to decide which ISMS KPIs to apply in an ITIL implementation.
References

[1] Hochstein, A.; Zarnekow, R.; Brenner, W.: ITIL as common practice
reference model for IT service management: formal assessment and
implications for practice. In Proceedings of the e-Technology, e-
Commerce and e-Service, 2005. EEE '05. Proceedings. The 2005 IEEE
International Conference, Gallen, Switzerland, 704 - 710. (2005)
[2] Jim Clinch: ITIL V3 and Information Security. Best Management Practice
website managed and published by TSO in conjunction with the Cabinet
Office (part of HM Government) and APMG , White Paper. (2009)
[3] James Doss, Integrating other Frameworks and Methodologies
Complementary to ITIL, TSO information & publishing solutions, White
Paper. (2010)
[4] An Introductory Overview of ITIL V3, itSMF, The IT Service
Management Forum, published in the UK by the IT Service Management
Forum Limited, ISBN 0-9551245-8-1.
[5] http://www.pmtrainingonline.com, last visited on 2012.
[6] ITIL Version 3 Service Strategy, Crown copyright 2007 Produced under
license from OGC. (2007)
[7] ITIL Version 3 Service Design, Crown copyright 2007 Produced under
license from OGC. (2007)
[8] ITIL Version 3 Service Transition, Crown copyright 2007 Produced under
license from OGC. (2007)
[9] ITIL Version 3 Service Operation, Crown copyright 2007 Produced under
license from OGC. (2007)
[10] ITIL Version 3 Service Operation, Crown copyright 2007 Produced under
license from OGC. (2007)
[11] http://www.iso.org
[12] Zadeh, L.A. "Fuzzy sets", Information and Control 8 (3): 338-353. (1965)
[13] Saaty, T.L. The Analytic Hierarchy Process, New York: McGraw Hill.
International, Translated to Russian, Portuguese, and Chinese, Revised
editions, Paperback (1996, 2000), Pittsburgh: RWS Publications. (1980)
[14] T.L. Saaty, Multicriteria decision making: The analytic hierarchy process,
RWS Publications, Pittsburgh PA. (1988)
[15] Chang, D. Y., Extent Analysis and Synthetic Decision, Optimization
Techniques and Applications, World Scientific, Singapore, 1, 352. (1992)
[16] Nüfer Yasin Ateş, Sezi Çevik, Cengiz Kahraman, Murat Gülbay and S. Ayça Erdoğan, "Multi Attribute Performance Evaluation Using a Hierarchical Fuzzy TOPSIS Method", Istanbul Technical University, Department of Industrial Engineering, 34367 Maçka, Istanbul, Turkey. (2006)
[17] Aşkın ÖZDAĞOĞLU, Güzin ÖZDAĞOĞLU, "COMPARISON OF AHP AND FUZZY AHP FOR THE MULTICRITERIA DECISION MAKING PROCESSES WITH LINGUISTIC EVALUATIONS", İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi Yıl: 6 Sayı: 11 Bahar 2007/1 s. 65-85. (2007)
[18] PRAXIOM RESEARCH GROUP LIMITED, 9619 - 100A Street,
Edmonton, Alberta, T5K 0V7, Canada, http://www.praxiom.com.
[19] M.H. Vahidniaa, A. Alesheikhb, A. Alimohammadic, A. Bassirid, FUZZY
ANALYTICAL HIERARCHY PROCESS IN GIS APPLICATION, The
International Archives of the Photogrammetry, Remote Sensing and
Spatial Information Sciences. Vol. XXXVII. (2008)
