One of the main features of an information security management system (ISMS), which should be performed according to the organization's requirements, is information security risk management. Risk evaluation and risk ranking are important parameters of this management activity. This research introduces a new method for ranking information security risks by combining two decision-making models, TOPSIS and AHP, in a fuzzy environment. Comparison tests of the new FAHP-TOPSIS model against the FAHP model show that the average weights of the new model have increased dramatically with a smaller error ratio, and that it provides more precise results. More accurate rating results are achieved with increased risk weight in the proposed model. It is a powerful and technical decision method for rating based on closeness to the ideal solution.
Risk management; Information security; Multi Criteria Decision Making models; AHP; TOPSIS
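
The following is an added example, not code from the paper: a minimal Python sketch of fuzzy-AHP criterion weighting feeding a TOPSIS ranking by closeness to the ideal solution. The criteria, comparison matrix, risk names and scores are constructed, and the geometric-mean weighting with centroid defuzzification is an assumption, since the abstract does not give the paper's exact formulation.

```python
import math

# Constructed inputs (not from the paper): three hypothetical criteria and
# triangular fuzzy pairwise comparisons (l, m, u) between them.
CRITERIA = ["likelihood", "impact", "detectability"]
FUZZY_PAIRWISE = [
    [(1, 1, 1), (1/3, 1/2, 1), (1, 2, 3)],
    [(1, 2, 3), (1, 1, 1), (2, 3, 4)],
    [(1/3, 1/2, 1), (1/4, 1/3, 1/2), (1, 1, 1)],
]
# Constructed risk scores per criterion, 1-10, higher means worse.
RISKS = {
    "unpatched VPN gateway": [7, 9, 6],
    "shared admin password": [8, 6, 8],
    "lost unencrypted laptop": [4, 7, 3],
    "phishing of finance staff": [9, 5, 5],
}

def fuzzy_ahp_weights(matrix):
    """Criterion weights from a fuzzy pairwise matrix (geometric-mean method)."""
    n = len(matrix)
    crisp = []
    for row in matrix:
        # Component-wise geometric mean of the row's (l, m, u) triples.
        geo = [math.prod(cell[k] for cell in row) ** (1 / n) for k in range(3)]
        crisp.append(sum(geo) / 3)  # centroid defuzzification (a simplification)
    total = sum(crisp)
    return [c / total for c in crisp]

def topsis_rank(scores, weights):
    """Rank risks by closeness to the worst-case ("ideal") risk profile."""
    names = list(scores)
    norms = [math.sqrt(sum(v * v for v in col)) for col in zip(*scores.values())]
    weighted = {n: [w * v / nm for v, w, nm in zip(scores[n], weights, norms)]
                for n in names}
    cols = list(zip(*weighted.values()))
    ideal = [max(c) for c in cols]  # every criterion here is "higher = riskier"
    anti = [min(c) for c in cols]
    closeness = {}
    for n in names:
        d_pos = math.dist(weighted[n], ideal)
        d_neg = math.dist(weighted[n], anti)
        # All risks identical gives 0/0; treat that as no separation.
        closeness[n] = d_neg / (d_pos + d_neg) if d_pos + d_neg else 0.0
    return sorted(closeness.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    weights = fuzzy_ahp_weights(FUZZY_PAIRWISE)
    for name, score in topsis_rank(RISKS, weights):
        print(f"{score:.3f}  {name}")
```

Because "ideal" here means the highest-risk profile, a closeness near 1 marks the risk to treat first; with benefit-type criteria the max and min would swap for those columns.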