In today’s business environment, almost all information is captured and stored in electronic form. This digital storage of data in a networked environment provides far greater access to information than ever before. But unfortunately, this also exposes the organization to a variety of new threats that can have impact on the confidentiality, integrity, and availability of information. Organizations need a way to understand their information risks and to create new strategies for addressing those risks. A systematic approach to assessing information security risks and developing an appropriate protection strategy is a major component of an effective information security and risk management program. This paper outlines an Analytic Hierarchy Process based approach for analyzing risk factors and sub factors and ascertaining the major areas of security elements where an organization should focus on
