Critical Performance and Security Factors in SI using TOPSIS: Determinants of Business Sustainability
DOI: https://doi.org/10.20983/culcyt.2026.1.2e.11
Keywords: IS Performance and Security; TOPSIS; PRISMA and Sustainability.
Abstract
This study aimed to identify and rank the critical factors that affect the performance and security of Information Systems (IS) to support strategic decision-making and strengthen business sustainability. The research was conducted using a cross-sectional design with a mixed approach, integrating a systematic literature review using the PRISMA methodology and a quantitative analysis to construct and validate an assessment tool. Sixty-eight critical factors were identified, and after content validation, 56 were retained. These were ranked using the TOPSIS (Technique for Order of Preference by Similarity to Ideal Solution) multicriteria method. The findings show that digital transformation and IS governance are key determinants of organizational resilience and sustainability, as they drive efficiency, transparency, and data-driven decision-making. The originality of the study lies in the integration of PRISMA and TOPSIS to prioritize strategic performance and security factors in IS. In conclusion, the results contribute to the design of a multi-criteria decision-making model that supports the evaluation of investments, security policies, and IS monitoring, reinforcing organizational sustainability.
License
Copyright (c) 2026 Monserrat Reséndiz Leos; Patricia Parroquin-Amaya; Iván Juan Carlos Pérez-Olguín; Karla Miroslava Olmos-Sánchez

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
All CULCYT content is distributed under a “Creative Commons Attribution-NonCommercial 4.0 International” (CC-BY-NC) use and distribution license. The informative version of the license can be consulted from here.
Authors who apply to publish in this journal accept the following terms: a) authors retain their copyright and grant the journal the right of first publication of their work; and b) authors are permitted and encouraged to add links to their CULCYT articles on their institutional or personal web pages, as this can lead to interesting exchanges and increase citations of their published work.
