@inproceedings{scholars11140, title = {Criteria Prioritization in Adaptive Security Activities Selection, ASAS Model using Analytic Network Process, ANP}, journal = {2019 IEEE Conference on Application, Information and Network Security, AINS 2019}, publisher = {Institute of Electrical and Electronics Engineers Inc.}, pages = {6--11}, note = {cited By 1; Conference of 2019 IEEE Conference on Application, Information and Network Security, AINS 2019 ; Conference Date: 19 November 2019 Through 21 November 2019; Conference Code:157200}, doi = {10.1109/AINS47559.2019.8968709}, year = {2019}, author = {Jakeri, M. M. and Hassan, M. F.}, isbn = {9781728133065}, keywords = {Budget control; Computer software; Decision making; Decision theory; Life cycle; Software design, Adaptive security; Analytic network process; Multi-criteria decision making; Security activities; Selection model; Software development life cycle; Web-based applications; Weight calculation, Network security}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85079284571&doi=10.1109\%2fAINS47559.2019.8968709&partnerID=40&md5=97abc152ad8f89094fee5c1fb75ca83e}, abstract = {Organizations have proposed the best practices of security activities in software development life cycle as guidance for development team. However, the implementation of the security activities are influenced by criteria which are interdependent to each other and dynamic. Those criteria are experience, skill and knowledge; teams workload; development team size; development timeline; and cost/budget. Therefore, the selection of security activities must be based on the priority of the criteria and adaptive. This paper addresses the adaptive security activities selection model as a multi-criteria decision making (MCDM) issue. Analytic Network Process (ANP) is proposed for weight calculation and criteria prioritization. Hypothetical examples were presented based on hard constraints faced by in-house web-based application development team in two different scenarios. The Decision Maker made the judgement by using the online ASAS model. The results show that experience, skill and knowledge get the highest priority in the first scenario while budget/cost get the highest priority in the second scenario. These prioritization will be used as a major requirement in security activities selection. {\^A}{\copyright} 2019 IEEE.} }