Identification and Prioritization of Critical Cyber Security Challenges and Practices for Software Vendor Organizations in Software Development: An AHP-Based Systematic Approach

Abstract Small to medium enterprise (SME) organizations are enormous in number and don't have the controls set up to prevent effective attacks of cybersecurity. The majority of the attacks are conducted when the legitimate information check is not valid and because of the absence of arrangement in applying present-day classifications, for example, 'virus', 'worm', and 'trojan'. The need for cybersecurity showed up in the early years of the digital era when the initial mainframe computer systems were designed. Many software application systems are at risk of attacks if there is a rigorous adherence to leading-edge concepts of encryption and decryption. To deal with all issues, a detailed systematic literature review (SLR) study is conducted to identify the cybersecurity challenges faced by vendor organizations during software development. Through SLR, 13 challenges have been identified, which have a frequency of >=25%. The recognized cybersecurity challenges are “Security issues/Access of Cyberattacks”, “Lack of Right Knowledge”, “Framework”, “Lack of Technical Support”, “Disaster Issues”, “Cost Security issues”, “Lack of Confidentiality and Trust”, “Lack of Management”, “Unauthorized Access issues”, “Lack of Resources”, “Lack of Metrics”, “Administrative Mistakes during Development” and “Lack of Quality, Liability, and Reliability”. All these cybersecurity challenges are classified into awareness, management, security and eminence. An Analytic Hierarchy Process (AHP) approach prioritize and recognize the significance of each identified critical cybersecurity challenge. We also apply this method to practices recognized for these critical cybersecurity challenges.