Development of methods for identifying an appropriate benchmarking peer to establish information security policy
Abstract
Benchmarking methodology provides organizations with appropriate information security policy. However, selecting an appropriate organization as a benchmarking peer can be a challenge due to firms’ heterogeneous implementation and usage of information systems. Our goal is to develop and propose methods to appropriately identify a benchmarking peer organization by incorporating machine learning methods and mathematics set theory. We incorporate vague soft set, entropy, dynamic time warping, and Gaussian process. We use log data from information security management systems in multiple companies to validate our methods. Our experimental results indicate that the combined use of Gaussian process, vague soft set, and dynamic time warping can be more effective in identifying an appropriate benchmarking peer than conventional machine learning methods.
Publication Title
Expert Systems with Applications
Recommended Citation
Kang, M., Hovav, A., Lee, E., Um, S., & Kim, H. (2022). Development of methods for identifying an appropriate benchmarking peer to establish information security policy. Expert Systems with Applications, 201 https://doi.org/10.1016/j.eswa.2022.117028
