TOPSIS-based framework for evaluating employee cybersecurity risk
Abstract
This paper presents the development and initial validation of a TOPSIS-based framework for evaluating employee cybersecurity risk (TFEECR). The framework offers a structured and objective approach to assessing multiple dimensions of employee behavior and attitudes toward cybersecurity. It integrates the Technique for Order of Preference by Similarity to the Ideal Solution (TOPSIS) with Saaty’s criteria weighting, enabling a comprehensive evaluation across five criteria: knowledge, compliance, risky behaviors, attitudes, and training. The framework is validated using simulated data, and it showed robustness in differentiating between high- and low-risk employees. Such results are useful for organizations that want to implement targeted interventions. A sensitivity analysis highlights the framework's adaptability to various settings. This conceptual framework lays the groundwork for future empirical validation and practical application in enhancing organizational cybersecurity.
Downloads
Published
Issue
Section
License
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
