Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis

Fernando Rocha Moreira, Edna Canedo, Rafael Rabelo Nunes, André Serrano, Cláudia Jacy Barenco Abbas, Marcelo Lopes Pereira Júnior, Fábio Lopes de Mendonça

2025

Abstract

Context: Cybersecurity is increasingly critical for public institutions, particularly as digital transformations expose them to a wide range of cybersecurity risks. Managing these risks effectively requires a structured approach that aligns with recognized standards and frameworks. Methods: This study presents the process of cybersecurity risk management within a Brazilian public agency, utilizing the cybersecurity incident detection controls proposed by the NIST Cybersecurity Framework (NIST-CSF). To assess and prioritize these controls, the Analytic Hierarchy Process (AHP) was applied as a multicriteria decision-making method. Expert judgments were collected and integrated into the AHP model to determine the relative importance of each control. Results: The application of the AHP method resulted in a prioritized list of cybersecurity controls. This list outlines the sequence in which controls should be implemented, enabling decision-makers to direct resources effectively and make informed choices in mitigating cybersecurity risks. Conclusion: The findings underscore the value of adopting multicriteria methods like AHP in cybersecurity risk management. This paper contributes to the literature by encouraging the use of such methods as best practices for improving cybersecurity risk assessment and management in public sector organizations.



Paper Citation


in Harvard Style

Moreira F., Canedo E., Nunes R., Serrano A., Abbas C., Pereira Júnior M. and Lopes de Mendonça F. (2025). Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis. In Proceedings of the 27th International Conference on Enterprise Information Systems - Volume 2: ICEIS; ISBN 978-989-758-749-8, SciTePress, pages 117-128. DOI: 10.5220/0013197300003929


in Bibtex Style

@conference{iceis25,
author={Fernando Moreira and Edna Canedo and Rafael Nunes and André Serrano and Cláudia Abbas and Marcelo Pereira Júnior and Fábio Lopes de Mendonça},
title={Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis},
booktitle={Proceedings of the 27th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2025},
pages={117-128},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013197300003929},
isbn={978-989-758-749-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 27th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis
SN - 978-989-758-749-8
AU - Moreira F.
AU - Canedo E.
AU - Nunes R.
AU - Serrano A.
AU - Abbas C.
AU - Pereira Júnior M.
AU - Lopes de Mendonça F.
PY - 2025
SP - 117
EP - 128
DO - 10.5220/0013197300003929
PB - SciTePress