identifying organizational information security risks using fuzzy delphi

نویسندگان

پریسا موسوی

کارشناس‎ارشد مدیریت فناوری اطلاعات، دانشکدۀ مدیریت و حسابداری، دانشگاه خوارزمی، تهران، ایران رضا یوسفی زنوز

استادیار گروه مدیریت، دانشکدۀ مدیریت و حسابداری، دانشگاه خوارزمی، تهران، ایران اکبر حسن پور

استادیار گروه مدیریت، دانشکدۀ مدیریت و حسابداری، دانشگاه خوارزمی، تهران، ایران

چکیده

most organizations need to information systems to survive and thrive. therefore, they should seriously protect their information assets. creating structured and justifiable exchanges between cost, security and mission control systems security risks is essential. this is important in the planning and development of such systems. initial appropriate decisions can reduce costs and increase ease of control risk. the first step in the risk management process is the identification of risk. the purpose of this study is identifying the most important enterprise information security risks. this study is application and view research method is descriptive. in this study, a model is presented to identify information security risks, according to iso 27002 and cobit 4 and study the documents and using by fuzzy delphi method and opinions of experts, which include 10 of the it professionals of the bank, have been presented. in this template 6 factors and 20 subfactors of information security risk factors have been identified for the bank.

برای دانلود باید عضویت طلایی داشته باشید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Identifying factors of "organizational information security management"

Purpose – Despite many technically sophisticated solutions, managing information security has remained a persistent challenge for organizations. Emerging IT/ICT media have posed new security challenges to business information and information assets. It is felt that technical solutions alone are not sufficient to address the information security challenge. It has been argued that organizations a...

متن کامل

Identifying and Ranking Technology-Telecommunications Context of Information Security anagement System in E-Government Using Fuzzy AHP Approach

In recent years, many security threats have entered into the organizations’ information and changed the organizational performance resulting in their exorbitant costs. This question is of particular importanceabout government agencies that use information and Internet systems. This issue enabled the top managers of organizations to implement a security system and minimize these costs. Using In...

متن کامل

Identifying Factors affecting the Phenomenon of Organizational loafing; Using Structural Equation Modeling & Delphi Techniques

Organizational loafing is the phenomenon of a person exerting less effort to achieve a goal when they work in an organizational group than when they work alone.This phenomenon is a serious problem in today's organizations.The research seeks to explain factors affecting the phenomenon of organizational loafing. First, the elites’ opinion through Delphi technique about the indicators influencing ...

متن کامل

Identifying Software Project Risks: An International Delphi Study

Advocates of software risk management claim that by identifying and analyzing threats to success (i.e., risks) action can be taken to reduce the cbance of failure ofa project. The first step in theriskmanagement process is to identify tbe risk itself, so tbat appropriate countermeasures can be taken. One problem in this task, however, is that no validated lists are available to help the project...

متن کامل

Identifying Information Security Risk Components in Military Hospitals in Iran

Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...

متن کامل

identifying and ranking technology-telecommunications context of information security anagement system in e-government using fuzzy ahp approach

in recent years, many security threats have entered into the organizations’ information and changed the organizational performance resulting in their exorbitant costs. this question is of particular importanceabout government agencies that use information and internet systems. this issue enabled the top managers of organizations to implement a security system and minimize these costs. using in...

متن کامل

منابع من

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

عنوان ژورنال:

مدیریت فناوری اطلاعات

جلد ۷، شماره ۱، صفحات ۱۶۳-۱۸۴

کلمات کلیدی

most organizations need to information systems to survive and thrive. therefore they should seriously protect their information assets. creating structured and justifiable exchanges between cost security and mission control systems security risks is essential. this is important in the planning and development of such systems. initial appropriate decisions can reduce costs and increase ease of control risk. the first step in the risk management process is the identification of risk. the purpose of this study is identifying the most important enterprise information security risks. this study is application and view research method is descriptive. in this study a model is presented to identify information security risks according to iso 27002 and cobit 4 and study the documents and using by fuzzy delphi method and opinions of experts which include 10 of the it professionals of the bank have been presented. in this template 6 factors and 20 subfactors of information security risk factors have been identified for the bank.

میزبانی شده توسط پلتفرم ابری doprax.com