'Institute of Electrical and Electronics Engineers (IEEE)'
Doi
Abstract
Organizations use different types of information system to reach their goals. Decision makers are required to allocate a security budget and treatment strategy based on the risk priority of information systems. Each of the information systems has different components or assets. However, there is difficulty in aggregating the risk of each component. In this research a model is created to aggregate the risk of information system components to support decisions. Since there is uncertainty in the information security risk analysis area, we used fuzzy set theory in our model
