Identifying Organizational Information Security Risks Using Fuzzy Delphi

Bibliographic Details
Main Authors: Parisa Mousavi, Reza Yousefizenouz, Akbar Hasanpoor
Format: Article
Language: English
Published: University of Tehran 2015-03-01
Series: Journal of Information Technology Management
Online Access: https://jitm.ut.ac.ir/article_53555_e7d253571231a0e9a2c9ef8db5456a67.pdf
Description
Summary: Most organizations need information systems to survive and thrive. Therefore, they should seriously protect their information assets. Creating structured and justifiable exchanges between cost, security and mission control systems security risks is essential. This is important in the planning and development of such systems. Appropriate initial decisions can reduce costs and increase the ease of controlling risk. The first step in the risk management process is the identification of risk. The purpose of this study is to identify the most important enterprise information security risks. In terms of purpose this study is applied, and in terms of research method it is descriptive. In this study, a model for identifying information security risks is presented, based on ISO 27002 and COBIT 4, a study of the documents, and the fuzzy Delphi method applied to the opinions of experts, who include 10 of the Bank's IT professionals. In this model, 6 factors and 20 subfactors of information security risk have been identified for the Bank.
ISSN: 2008-5893, 2423-5059