Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis

Fernando Moreira; Edna Canedo; Rafael Nunes; André Serrano; Cláudia Abbas; Marcelo Pereira Júnior; Fábio Lopes de Mendonça

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis

Topics: Security

In Proceedings of the 27th International Conference on Enterprise Information Systems - Volume 2: ICEIS, 117-128, 2025 , Porto, Portugal

Authors: Fernando Rocha Moreira ¹ ; Edna Canedo ¹ ; Rafael Rabelo Nunes ² ; André Serrano ³ ; Cláudia Jacy Barenco Abbas ⁴ ; Marcelo Lopes Pereira Júnior ⁴ and Fábio Lopes de Mendonça ⁴

Affiliations: ¹ University of Brasília (UnB), Department of Computer Science, Brasília–DF, Brazil ; ² UniAtenas University Center, Paracatu-MG, Brazil ; ³ University of Brasília (UnB), Professional Postgraduate Program in Electrical Engineering - PPEE, Brasília–DF, Brazil ; ⁴ University of Brasília (UnB), Department of Electrical Engineering, Brasília–DF, Brazil

Keyword(s): Cybersecurity Risk Management, NIST Cybersecurity Framework, Analytic Hierarchy Process, Multicriteria Decision-Making, Public Sector Cybersecurity.

Abstract: Context: Cybersecurity is increasingly critical for public institutions, particularly as digital transformations expose them to a wide range of cybersecurity risks. Managing these risks effectively requires a structured approach that aligns with recognized standards and frameworks. Methods: This study presents the process of cybersecurity risk management within a Brazilian public agency, utilizing the cybersecurity incident detection controls proposed by the NIST Cybersecurity Framework (NIST-CSF). To assess and prioritize these controls, the Analytic Hierarchy Process (AHP) was applied as a multicriteria decision-making method. Expert judgments were collected and integrated into the AHP model to determine the relative importance of each control. Results: The application of the AHP method resulted in a prioritized list of cybersecurity controls. This list outlines the sequence in which controls should be implemented, enabling decision-makers to direct resources effectively and make i nformed choices in mitigating cybersecurity risks. Conclusion: The findings underscore the value of adopting multicriteria methods like AHP in cybersecurity risk management. This paper contributes to the literature by encouraging the use of such methods as best practices for improving cybersecurity risk assessment and management in public sector organizations. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.221.172.197

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Moreira, F. R., Canedo, E., Nunes, R. R., Serrano, A., Abbas, C. J. B., Pereira Júnior, M. L. and Lopes de Mendonça, F. (2025). Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis. In Proceedings of the 27th International Conference on Enterprise Information Systems - Volume 2: ICEIS; ISBN 978-989-758-749-8; ISSN 2184-4992, SciTePress, pages 117-128. DOI: 10.5220/0013197300003929

@conference{iceis25,
author={Fernando Rocha Moreira and Edna Canedo and Rafael Rabelo Nunes and André Serrano and Cláudia Jacy Barenco Abbas and Marcelo Lopes {Pereira Júnior} and Fábio {Lopes de Mendon\c{c}a}},
title={Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis},
booktitle={Proceedings of the 27th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2025},
pages={117-128},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013197300003929},
isbn={978-989-758-749-8},
issn={2184-4992},
}

TY - CONF

JO - Proceedings of the 27th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - Cybersecurity Risk Assessment Through Analytic Hierarchy Process: Integrating Multicriteria and Sensitivity Analysis
SN - 978-989-758-749-8
IS - 2184-4992
AU - Moreira, F.
AU - Canedo, E.
AU - Nunes, R.
AU - Serrano, A.
AU - Abbas, C.
AU - Pereira Júnior, M.
AU - Lopes de Mendonça, F.
PY - 2025
SP - 117
EP - 128
DO - 10.5220/0013197300003929
PB - SciTePress