• Abstract

    In today's digital age, the banking sector faces increasing challenges in ensuring operational resilience, protecting customer assets, and maintaining a competitive edge. Prioritizing information security risk management (ISRM) practices is crucial to effectively address these challenges. This paper aims to demonstrate the effectiveness of the multi-criteria decision-making (MCDM) method in evaluating and improving ISRM practices in Yemeni banks. The study employs an integrated CILOS-TOPSIS model, considering two criteria and five sub-criteria, with criteria weights determined using the CILOS method. The results highlight the significance of specific criteria in ISRM, with the existence of a comprehensive business continuity and disaster recovery plan (C2.1) standing out as a top priority (weight: 0.266). Additionally, the frequency of data backups and the presence of an active backup policy (C2.2) and the adequacy of physical security measures (C1.1) are identified as crucial factors (weights: 0.228 and 0.203, respectively). Furthermore, the TOPSIS method is employed to rank 13 banks based on these criteria, revealing the top-performing banks as B10, B4, B13, B1, and B12. Conversely, the 7th, 5th, and 6th ranked banks require attention for improvement. The paper provides comprehensive details on criteria weighting, bank ranking, and recommendations for enhancements. The findings presented in this paper offer valuable insights to decision-makers in the banking sector, enabling them to effectively guide their efforts and allocate resources to areas, controls, and banks that require greater attention.
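The abstract describes the model's second stage only at a high level: CILOS-derived weights are applied to a decision matrix, and TOPSIS ranks the banks by relative closeness to an ideal solution. The following is an added worked example of that TOPSIS stage, written for this page and not taken from the paper or its authors. It uses the three sub-criterion weights reported above (C2.1 = 0.266, C2.2 = 0.228, C1.1 = 0.203); the labels and weights of the remaining two sub-criteria (shown as C1.2 = 0.160 and C2.3 = 0.143) are assumptions chosen so that the five weights sum to 1, and the bank scores are constructed maturity ratings on a 1 to 5 scale, not the paper's survey data. The function also handles cost-type criteria and degenerate columns, which the text does not discuss.

```python
"""TOPSIS ranking over a weighted decision matrix (added example, not the paper's data)."""
from math import sqrt

# Sub-criteria and weights. The first three weights are the CILOS weights the
# abstract reports; the last two labels and weights are ASSUMED (not on the page)
# so that the five weights sum to 1.
CRITERIA = ["C2.1", "C2.2", "C1.1", "C1.2", "C2.3"]
WEIGHTS = [0.266, 0.228, 0.203, 0.160, 0.143]
# All five are treated as benefit criteria: a higher maturity score is better.
BENEFIT = [True, True, True, True, True]

# Constructed decision matrix: maturity scores (1..5) for four hypothetical banks.
BANKS = {
    "Bank-A": [5, 5, 5, 5, 5],
    "Bank-B": [4, 5, 3, 4, 4],
    "Bank-C": [3, 4, 3, 4, 2],
    "Bank-D": [1, 1, 1, 1, 1],
}


def topsis(matrix, weights, benefit):
    """Return {alternative: relative closeness to the ideal solution}.

    matrix:  dict name -> list of raw criterion scores
    weights: criterion weights that sum to 1
    benefit: True for benefit criteria (more is better), False for cost criteria
    """
    names = list(matrix)
    n = len(weights)
    if len(benefit) != n or any(len(matrix[a]) != n for a in names):
        raise ValueError("weights, benefit flags and every score row must have equal length")
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")

    # Step 1: vector normalisation of each column. A column that is all zeros has
    # norm 0 and carries no information, so it is left as zeros instead of dividing by 0.
    norms = [sqrt(sum(matrix[a][j] ** 2 for a in names)) or 1.0 for j in range(n)]

    # Step 2: weighted normalised matrix v_ij = w_j * x_ij / norm_j.
    v = {a: [weights[j] * matrix[a][j] / norms[j] for j in range(n)] for a in names}

    # Step 3: ideal (A+) and anti-ideal (A-) values per criterion, direction-aware.
    ideal, anti = [], []
    for j in range(n):
        col = [v[a][j] for a in names]
        hi, lo = max(col), min(col)
        ideal.append(hi if benefit[j] else lo)
        anti.append(lo if benefit[j] else hi)

    # Steps 4-5: Euclidean distances to A+ and A-, then closeness d- / (d+ + d-).
    closeness = {}
    for a in names:
        d_plus = sqrt(sum((v[a][j] - ideal[j]) ** 2 for j in range(n)))
        d_minus = sqrt(sum((v[a][j] - anti[j]) ** 2 for j in range(n)))
        total = d_plus + d_minus
        # If every alternative scores identically, all distances are 0: report a tie at 0.5.
        closeness[a] = d_minus / total if total else 0.5
    return closeness


def rank(closeness):
    """Alternatives ordered from best (closest to the ideal) to worst."""
    return sorted(closeness, key=closeness.get, reverse=True)


def rank_banks(matrix=BANKS, weights=WEIGHTS, benefit=BENEFIT):
    """Convenience wrapper returning (ordered names, closeness dict)."""
    c = topsis(matrix, weights, benefit)
    return rank(c), c


if __name__ == "__main__":
    order, scores = rank_banks()
    for pos, name in enumerate(order, start=1):
        print(f"{pos}. {name}: closeness = {scores[name]:.4f}")
```

A bank that holds the best score on every criterion coincides with A+ and gets closeness exactly 1.0; one that holds the worst score everywhere coincides with A- and gets 0.0. The ordering between the two middle banks follows from dominance: Bank-B is at least as good as Bank-C on every sub-criterion, so it must rank higher under any positive weight vector. Flipping all five flags to cost criteria reverses the ranking, which is a quick sanity check when a real matrix mixes directions (for example a count of unresolved audit findings alongside maturity scores).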


Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright (c) 2024 Malque Publishing

How to cite

Al-Khulaidi, A. A. G., Nasser, A. A., Al-ashwal, M. H. Y., Al-Ashwal, M. M. . Y., & Altayeb, A. M. (2024). Investigating information security risk management in Yemeni banks: An CILOS-TOPSIS approach. Multidisciplinary Science Journal, 6(9), 2024175. https://doi.org/10.31893/multiscience.2024175