Date Added: Oct 2010
In this paper, the authors introduce a framework to guide decision makers evaluating information security policy performance. It is motivated by lack of adequate decision making mechanism with broader scopes and easy to use for the decision makers. The framework, which adopts Analytic Hierarchy Process (AHP) methodology, is developed into a four level hierarchy (goal, criteria, sub-criteria, and alternatives) representing different aspects of information security policy. A survey based on AHP methodology was conducted to obtain decision maker preferences. Instead of relying on dedicated AHP software, they prefer to clearly demonstrate the process of AHP calculations by using Open Office Calc in data analysis.