A number of risk analysis methods became obsolete because of the profound changes in information technologies. Revolutionary changes in information technologies have converted many risk analysis methods into inconsistent, long lasting and expensive instruments. Therefore, risk analysis methods should be adaptively modified or redesigned according to the changes in information technologies, so that they meet the information security requirements of the organizations. By taking these requirements into consideration, a survey based approach is proposed for analyzing the risks of information technologies. This new method is named as Risk Analysis Method for Information Security (RAMIS). A case study is conducted to show the steps of RAMIS in detail and to obtain the risk results. To verify the results of the case study, simulation is performed based on the real statistical data. The results of simulation showed that RAMIS yields consistent results in a reasonable time period by allowing the participation of the manager and staff of the organization
