A Fuzzy-AHP Decision-Making Framework for Optimizing Software Maintenance and Deployment in Information Security Systems

IF 1.7 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Software-Evolution and Process Pub Date : 2025-01-16 DOI:10.1002/smr.2758

Rafiq Ahmad Khan, Ismail Keshta, Hussein A. Al Hashimi, Alaa Omran Almagrabi, Hathal S. Alwageed, Musaad Alzahrani

{"title":"A Fuzzy-AHP Decision-Making Framework for Optimizing Software Maintenance and Deployment in Information Security Systems","authors":"Rafiq Ahmad Khan, Ismail Keshta, Hussein A. Al Hashimi, Alaa Omran Almagrabi, Hathal S. Alwageed, Musaad Alzahrani","doi":"10.1002/smr.2758","DOIUrl":null,"url":null,"abstract":"<div>\n \n \n <section>\n \n <p>Information System Security (ISS) is the primary economic lever for the global economy. It is the cornerstone for value generation, and its absence undeniably affects technology, people, and finances. The emergence of the worldwide information society has introduced fresh economic and legal challenges attributed to the surge in Internet utilization and advancements in the digital economy. Ensuring the security of advancements within information systems has emerged as a primary concern in propelling the evolution of information processes within the software development industry. This study aims to develop and propose a Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) framework to enhance decision-making for software maintenance and deployment in ISS. This framework aims to provide a systematic, flexible method for evaluating and prioritizing multiple conflicting criteria under conditions of uncertainty. The study initially adopts an empirical survey to identify software security maintenance and deployment risks and their practices for ISS organizations. Then adopts the Fuzzy-AHP method to handle the imprecision of expert judgments and organizes decision-making into a hierarchical structure. The framework is applied to evaluate key criteria related to software maintenance and deployment, including security risks, system performance, operational costs, and compliance requirements. Data from 50 ISS experts were collected and used to validate the framework. The paper identifies 52 security risks in maintenance and deployment (SRMD) processes in ISS and also identified 139 best practices for ensuring security, including regular updates, patch management, and adherence to industry-standard security protocols. The Fuzzy-AHP framework effectively structured the decision-making process by prioritizing criteria and sub-criteria. The results demonstrated that the framework helps mitigate the subjective biases in expert judgment and provides a more balanced assessment of maintenance and deployment strategies. Prioritizing security risks and compliance emerged as key factors in the decision-making process. The proposed Fuzzy-AHP framework provides an innovative and adaptable solution for optimizing ISS organizations' software maintenance and deployment decisions. It addresses the complexity and uncertainty involved in such decisions, offering a transparent and structured approach that improves the accuracy and reliability of outcomes. Future research should focus on empirical validation of the framework in real-world case studies and expand its application to other industries with similar decision-making needs.</p>\n </section>\n </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 1","pages":""},"PeriodicalIF":1.7000,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Software-Evolution and Process","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/smr.2758","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Information System Security (ISS) is the primary economic lever for the global economy. It is the cornerstone for value generation, and its absence undeniably affects technology, people, and finances. The emergence of the worldwide information society has introduced fresh economic and legal challenges attributed to the surge in Internet utilization and advancements in the digital economy. Ensuring the security of advancements within information systems has emerged as a primary concern in propelling the evolution of information processes within the software development industry. This study aims to develop and propose a Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) framework to enhance decision-making for software maintenance and deployment in ISS. This framework aims to provide a systematic, flexible method for evaluating and prioritizing multiple conflicting criteria under conditions of uncertainty. The study initially adopts an empirical survey to identify software security maintenance and deployment risks and their practices for ISS organizations. Then adopts the Fuzzy-AHP method to handle the imprecision of expert judgments and organizes decision-making into a hierarchical structure. The framework is applied to evaluate key criteria related to software maintenance and deployment, including security risks, system performance, operational costs, and compliance requirements. Data from 50 ISS experts were collected and used to validate the framework. The paper identifies 52 security risks in maintenance and deployment (SRMD) processes in ISS and also identified 139 best practices for ensuring security, including regular updates, patch management, and adherence to industry-standard security protocols. The Fuzzy-AHP framework effectively structured the decision-making process by prioritizing criteria and sub-criteria. The results demonstrated that the framework helps mitigate the subjective biases in expert judgment and provides a more balanced assessment of maintenance and deployment strategies. Prioritizing security risks and compliance emerged as key factors in the decision-making process. The proposed Fuzzy-AHP framework provides an innovative and adaptable solution for optimizing ISS organizations' software maintenance and deployment decisions. It addresses the complexity and uncertainty involved in such decisions, offering a transparent and structured approach that improves the accuracy and reliability of outcomes. Future research should focus on empirical validation of the framework in real-world case studies and expand its application to other industries with similar decision-making needs.

Abstract Image

查看原文本刊更多论文

信息安全系统中优化软件维护与部署的模糊层次分析法决策框架

信息系统安全（ISS）是全球经济的主要经济杠杆。它是创造价值的基石，它的缺失无疑会影响技术、人员和财务。全球信息社会的出现带来了新的经济和法律挑战，这些挑战归因于互联网使用的激增和数字经济的进步。在软件开发行业中，确保信息系统的安全性已经成为推动信息过程演进的主要关注点。本研究旨在发展并提出一种模糊层次分析法（Fuzzy- ahp）架构，以提升ISS软体维护与部署的决策能力。该框架旨在为不确定条件下多个相互冲突的标准的评估和优先排序提供一个系统的、灵活的方法。该研究最初采用了一项实证调查，以确定ISS组织的软件安全维护和部署风险及其实践。然后采用模糊层次分析法处理专家判断的不精确性，将决策组织成层次结构。该框架用于评估与软件维护和部署相关的关键标准，包括安全风险、系统性能、操作成本和遵从性需求。来自50名国际空间站专家的数据被收集并用于验证该框架。本文确定了国际空间站维护和部署（SRMD）过程中的52个安全风险，并确定了139个确保安全的最佳实践，包括定期更新、补丁管理和遵守行业标准安全协议。模糊层次分析法框架通过对准则和子准则进行优先级排序，有效地构建了决策过程。结果表明，该框架有助于减轻专家判断中的主观偏差，并为维护和部署策略提供更平衡的评估。优先考虑安全风险和遵从性成为决策过程中的关键因素。提出的模糊层次分析法框架为优化ISS组织的软件维护和部署决策提供了一种创新的、适应性强的解决方案。它解决了此类决策所涉及的复杂性和不确定性，提供了一种透明和结构化的方法，提高了结果的准确性和可靠性。未来的研究应侧重于在现实案例中对该框架进行实证验证，并将其扩展到具有类似决策需求的其他行业。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Software-Evolution and Process COMPUTER SCIENCE, SOFTWARE ENGINEERING-

自引率

10.00%

发文量

109