{"id":"https://openalex.org/W3110854249","doi":"https://doi.org/10.1109/tnsm.2020.3044865","title":"A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions","display_name":"A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions","publication_year":2020,"publication_date":"2020-12-15","ids":{"openalex":"https://openalex.org/W3110854249","doi":"https://doi.org/10.1109/tnsm.2020.3044865","mag":"3110854249"},"language":"en","primary_location":{"id":"doi:10.1109/tnsm.2020.3044865","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2020.3044865","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023096354","display_name":"Ferda \u00d6zdemir S\u00f6nmez","orcid":"https://orcid.org/0000-0002-0908-2554"},"institutions":[{"id":"https://openalex.org/I201799495","display_name":"Middle East Technical University","ror":"https://ror.org/014weej12","country_code":"TR","type":"education","lineage":["https://openalex.org/I201799495"]},{"id":"https://openalex.org/I47508984","display_name":"Imperial College London","ror":"https://ror.org/041kmwe10","country_code":"GB","type":"education","lineage":["https://openalex.org/I47508984"]}],"countries":["GB","TR"],"is_corresponding":true,"raw_author_name":"Ferda Ozdemir Sonmez","raw_affiliation_strings":["Department of Information Systems, Graduate School of Informatics, Middle East Technical University, Ankara, Turkey","Institute for Security Science and Technology, Imperial College, London, U.K"],"affiliations":[{"raw_affiliation_string":"Department of Information Systems, Graduate School of Informatics, Middle East Technical University, Ankara, Turkey","institution_ids":["https://openalex.org/I201799495"]},{"raw_affiliation_string":"Institute for Security Science and Technology, Imperial College, London, U.K","institution_ids":["https://openalex.org/I47508984"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067611632","display_name":"Banu G\u00fcnel","orcid":"https://orcid.org/0000-0003-4917-192X"},"institutions":[{"id":"https://openalex.org/I201799495","display_name":"Middle East Technical University","ror":"https://ror.org/014weej12","country_code":"TR","type":"education","lineage":["https://openalex.org/I201799495"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Banu Gunel Kilic","raw_affiliation_strings":["Department of Information Systems, Graduate School of Informatics, Middle East Technical University, Ankara, Turkey"],"affiliations":[{"raw_affiliation_string":"Department of Information Systems, Graduate School of Informatics, Middle East Technical University, Ankara, Turkey","institution_ids":["https://openalex.org/I201799495"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5023096354"],"corresponding_institution_ids":["https://openalex.org/I201799495","https://openalex.org/I47508984"],"apc_list":null,"apc_paid":null,"fwci":1.9464,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.90017603,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"18","issue":"3","first_page":"3260","last_page":"3279"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7631243467330933},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.6068136096000671},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5231608152389526},{"id":"https://openalex.org/keywords/budget-constraint","display_name":"Budget constraint","score":0.48165571689605713},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.4802827537059784},{"id":"https://openalex.org/keywords/decision-support-system","display_name":"Decision support system","score":0.46600136160850525},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37941229343414307},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.34169018268585205},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.29834622144699097},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.16071009635925293},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.1460127830505371},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.129177063703537}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7631243467330933},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.6068136096000671},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5231608152389526},{"id":"https://openalex.org/C8505890","wikidata":"https://www.wikidata.org/wiki/Q605095","display_name":"Budget constraint","level":2,"score":0.48165571689605713},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.4802827537059784},{"id":"https://openalex.org/C107327155","wikidata":"https://www.wikidata.org/wiki/Q330268","display_name":"Decision support system","level":2,"score":0.46600136160850525},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37941229343414307},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.34169018268585205},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.29834622144699097},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.16071009635925293},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.1460127830505371},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.129177063703537},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C133425853","wikidata":"https://www.wikidata.org/wiki/Q60571","display_name":"Neoclassical economics","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tnsm.2020.3044865","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2020.3044865","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},{"id":"pmh:oai:https://open.metu.edu.tr:11511/94753","is_oa":false,"landing_page_url":"https://hdl.handle.net/11511/94753","pdf_url":null,"source":{"id":"https://openalex.org/S4306402495","display_name":"OpenMETU (Middle East Technical University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I201799495","host_organization_name":"Middle East Technical University","host_organization_lineage":["https://openalex.org/I201799495"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal Article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6700000166893005,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":66,"referenced_works":["https://openalex.org/W43328283","https://openalex.org/W70321236","https://openalex.org/W102117803","https://openalex.org/W118865363","https://openalex.org/W134828221","https://openalex.org/W138540058","https://openalex.org/W158950929","https://openalex.org/W572872720","https://openalex.org/W625926841","https://openalex.org/W1523452487","https://openalex.org/W1570317428","https://openalex.org/W1925725102","https://openalex.org/W1976878590","https://openalex.org/W1987450917","https://openalex.org/W1996342777","https://openalex.org/W2003676537","https://openalex.org/W2004996513","https://openalex.org/W2009683816","https://openalex.org/W2014024726","https://openalex.org/W2023794048","https://openalex.org/W2026029161","https://openalex.org/W2034960640","https://openalex.org/W2043285400","https://openalex.org/W2053667650","https://openalex.org/W2055446961","https://openalex.org/W2056075452","https://openalex.org/W2073794724","https://openalex.org/W2076121152","https://openalex.org/W2088949480","https://openalex.org/W2089403267","https://openalex.org/W2095519402","https://openalex.org/W2096320650","https://openalex.org/W2098700972","https://openalex.org/W2102144719","https://openalex.org/W2117278106","https://openalex.org/W2121343887","https://openalex.org/W2127399150","https://openalex.org/W2133200278","https://openalex.org/W2152601364","https://openalex.org/W2162269527","https://openalex.org/W2168936936","https://openalex.org/W2171947434","https://openalex.org/W2208596391","https://openalex.org/W2271655342","https://openalex.org/W2295177298","https://openalex.org/W2322986547","https://openalex.org/W2334600287","https://openalex.org/W2433280216","https://openalex.org/W2596381156","https://openalex.org/W2601656441","https://openalex.org/W2605141568","https://openalex.org/W2731118119","https://openalex.org/W2740027807","https://openalex.org/W2923916621","https://openalex.org/W2963790933","https://openalex.org/W2993383518","https://openalex.org/W3106082668","https://openalex.org/W3177237017","https://openalex.org/W4205557670","https://openalex.org/W6601722824","https://openalex.org/W6604805690","https://openalex.org/W6631174867","https://openalex.org/W6678075402","https://openalex.org/W6683905481","https://openalex.org/W6700718514","https://openalex.org/W6735207984"],"related_works":["https://openalex.org/W2508914475","https://openalex.org/W2120971814","https://openalex.org/W2777401565","https://openalex.org/W3154625549","https://openalex.org/W3159280571","https://openalex.org/W2248314326","https://openalex.org/W4247822198","https://openalex.org/W10189584","https://openalex.org/W4310892428","https://openalex.org/W1974991139"],"abstract_inverted_index":{"Types":[0],"and":[1,11,47,65,72,88,166],"complexity":[2],"of":[3,19,29,39,54,62,96,109,116,123,144,149,171],"information":[4,98,137,184,196],"security":[5,63,99,138,197],"related":[6,198],"vulnerabilities":[7],"are":[8],"growing":[9],"rapidly":[10],"present":[12],"numerous":[13],"challenges":[14,22],"to":[15,24,160,194],"the":[16,20,26,35,49,52,55,69,107,120,134,150,167,179,191],"enterprises.":[17],"One":[18],"key":[21],"is":[23,152,187],"identify":[25,161],"optimal":[27,94,121,169],"set":[28,122],"precautions":[30],"with":[31],"limited":[32],"budget.":[33],"Despite":[34],"fact":[36],"that":[37,153],"majority":[38,53],"enterprises":[40],"have":[41],"a":[42,78,113,141,156,162],"budget":[43,73,117,139,180],"constraint":[44],"for":[45,93,112,140,174],"installing":[46],"maintaining":[48],"protection":[50],"systems,":[51],"previous":[56],"work":[57],"only":[58],"focus":[59],"on":[60,84],"prioritization":[61],"targets":[64],"do":[66],"not":[67],"consider":[68],"preventative":[70,100,172],"actions":[71,173],"constraints.":[74,181],"This":[75],"article":[76],"presents":[77],"decision":[79],"support":[80],"system":[81],"(DSS)":[82],"based":[83],"analytical":[85],"hierarchical":[86],"process":[87],"mixed":[89],"integer":[90],"programming":[91],"techniques":[92],"selection":[95],"enterprise":[97,130,136,176],"actions.":[101],"The":[102,125,146,182],"proposed":[103,192],"approach":[104],"enables":[105],"maximizing":[106],"amount":[108,115],"risk":[110,157],"prevented":[111],"fixed":[114],"by":[118],"identifying":[119],"precautions.":[124],"new":[126],"DSS":[127],"also":[128,188],"assists":[129],"decision-makers":[131],"in":[132],"determining":[133],"minimum":[135],"given":[142],"level":[143],"risk.":[145],"main":[147],"contribution":[148],"paper":[151],"it":[154],"provides":[155],"management":[158,199],"method":[159,193],"multi-level":[163],"threat":[164],"model":[165],"corresponding":[168],"combination":[170],"an":[175],"while":[177],"considering":[178],"treemap":[183],"visualization":[185],"technique":[186],"integrated":[189],"into":[190],"improve":[195],"decisions.":[200]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}