Muṭāli̒āt-i Mudīriyyat-i Ṣan̒atī (Jun 2015)
A model to Prioritizing Organizational Information security risks using by Fuzzy AHP and Bayesian Networks in the banking industry
Abstract
Risk is inherent and inseparable part of life and business. Always uncertainty condition arising from incomplete information and data or ungovernable variables, associated with opportunities and threats.Nowadays many organizations and companies have relied heavily on information systems and information security management has transformed to an important organizational topics. And due to the fact that the use of information systems security may be created some risks, an effective risk management process, will result in a successful security program. Risk management includes risk identification process, risk assessment and risk-reduction efforts to acceptable levels. The objective of this research is to prioritize information security risks, in order to provide a mechanism to enhance the security of enterprise information. To this end, a model has been presented for organizational information security risk assessment using the fuzzy AHP and Bayesian networks. In the assessment process, risks impact by fuzzy AHP and risks probability by Bayesian networks have calculated and finally The risks Prioritized. The findings suggest In the case study, the risk of lack of knowledge and lack of proper training in the field of information security, have the highest priority and attention is needed most
