TOPSIS-based framework for evaluating employee cybersecurity risk

Katarina Kostelić

doi:10.17535/crorr.2025.0003

Croatian Operational Research Review (Jan 2025)

TOPSIS-based framework for evaluating employee cybersecurity risk

Katarina Kostelić

Affiliations

Katarina Kostelić: Faculty of Informatics, Juraj Dobrila University of Pula,, Pula, Croatia

DOI: https://doi.org/10.17535/crorr.2025.0003
Journal volume & issue: Vol. 16, no. 1
pp. 31 – 44

Abstract

Read online

This paper presents the development and initial validation of a TOPSIS-based framework for evaluating employee cybersecurity risk (TFEECR). The framework offers a structured and objective approach to assessing multiple dimensions of employee behavior and attitudes toward cybersecurity. It integrates the Technique for Order of Preference by Similarity to the Ideal Solution (TOPSIS) with Saaty’s criteria weighting, enabling a comprehensive evaluation across five criteria: knowledge, compliance, risky behaviors, attitudes, and training. The framework is validated using simulated data, and it showed robustness in differentiating between high- and low-risk employees. Such results are useful for organizations that want to implement targeted interventions. A sensitivity analysis highlights the framework's adaptability to various settings. This conceptual framework lays the groundwork for future empirical validation and practical application in enhancing organizational cybersecurity.

Published in Croatian Operational Research Review

ISSN: 1848-0225 (Print); 1848-9931 (Online)
Publisher: Croatian Operational Research Society
Country of publisher: Croatia
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Applied mathematics. Quantitative methods
Website: http://hdoi.hr/crorr-journal/

About the journal

Abstract

Keywords