Cybersecurity decision support model to designing information technology security system based on risk analysis and cybersecurity framework

Bibliographic details
Published in: Egyptian informatics journal 2022-09, Vol.23 (3), p.383-404
Main authors: Razikin, Khairur; Soewito, Benfano
Format: Article
Language: eng
Description
Abstract: The proposed work was a recommendation model for designing cyber security decision support, in building an information technology security system based on risk analysis and the ISO/IEC 27001 cybersecurity framework. The proposed model aimed to obtain the best security system in mitigating security threats. This paper contributed to strategic policymakers in designing cyber security decision support recommendations to determine the best steps in designing information technology security systems. The model built can map the priority value of threat mitigation based on the relative threat score against the relative evaluation score of the implementation of ISO/IEC 27001 compliance. The mitigation priority value is the key in determining priority recommendations for building an information technology security system based on the ISO/IEC 27001 framework. Furthermore, the implementation of the information technology security system recommendations is tested by carrying out security attacks directly on the system being built. The work ends by conducting a statistical evaluation of the system built based on the recommendations of the information technology security system. The results achieved indicate an increase in the average value of the evaluation of ISO/IEC 27001 compliance from 36.27 to 82.37 with the p-value of Paired T-Test being 0.002138.
ISSN: 1110-8665, 2090-4754
DOI: 10.1016/j.eij.2022.03.001