Abstract
Cybersecurity is the discipline of defending systems, networks, and programs against digital assaults intended to gain access to, alter, or delete sensitive data, or to disrupt regular business activities. With digital transformation, information on the internet becomes vulnerable to cyber attacks, and healthcare organizations are of critical importance in this regard. Digital healthcare technology is widely used across the world, and the security of healthcare data and equipment is a growing problem, since medical equipment has been exposed to new cybersecurity risks as its access to current computer networks has increased. However, the available cybersecurity frameworks are generic and apply to all organizations, so prioritizing the categories within a framework for healthcare organizations is critical to developing an effective security policy. In this study, an internationally accepted cybersecurity framework is evaluated by health experts, and the framework is prioritized for use by healthcare organizations. Since such a task is carried out on linguistic expressions and experts may be uncertain about some of the categories, there is a need for a model that both converts linguistic expressions into a numerically measurable form and comprehensively addresses the vagueness. For this purpose, a novel interval-valued Pythagorean fuzzy CRiteria Importance Through Intercriteria Correlation (CRITIC) method has been developed for ranking the categories within each domain of the National Institute for Standards and Technology (NIST) cybersecurity framework for use by healthcare organizations. A sensitivity analysis, theoretical and practical consequences, and future research recommendations are also provided within the study.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Camgöz Akdağ, H., Menekşe, A. (2023). Cybersecurity Framework Prioritization for Healthcare Organizations Using a Novel Interval-Valued Pythagorean Fuzzy CRITIC. In: Kahraman, C., Haktanır, E. (eds) Intelligent Systems in Digital Transformation. Lecture Notes in Networks and Systems, vol 549. Springer, Cham. https://doi.org/10.1007/978-3-031-16598-6_11
DOI: https://doi.org/10.1007/978-3-031-16598-6_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16597-9
Online ISBN: 978-3-031-16598-6
eBook Packages: Intelligent Technologies and Robotics (R0)