The Use of AHP in Security Policy Decision Making: An Open Office Calc Application

In this paper, we introduce a framework to guide decision makers evaluating information security policy performance. It is motivated by lack of adequate decision making mechanism with broader scopes and easy to use for the decision makers. The framework, which adopts Analytic hierarchy Process (AHP) methodology, is developed into a four level hierarchy (goal, criteria, sub-criteria, and alternatives) representing different aspects of information security policy. A survey based on AHP methodology was conducted to obtain decision maker preferences. Instead of relying on dedicated AHP software, we prefer to clearly demonstrate the process of AHP calculations by using Open Office Calc in data analysis. The aims are to show the applicability of open source software in handling AHP decision making problem and to help decision makers in understanding AHP data analysis procedures without relying on proprietary software. Results show that decision makers prefer availability of information security as highest priority, followed by confidentiality and integrity. The findings reflect future strategy in order to improve the effectiveness of information security policy in the organization.