One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is considered as the key part of the risk assessment phase in the process of this management. This article presents an applied method by combining two MADM methods of AHP and TOPSIS in a fuzzy environment in order to improve information security risk rating. The results of comparison between the implementation of the combined FAHP-TOPSIS and the FAHP indicated that the weights presented by the proposed FAHP-TOPSIS model have lower variation coefficients and higher mean compared to the FAHP model. As a result, it provides more accurate results with less percentage error.

Keywords: Risk management, Information security, multi criteria decision making models, Analytical Hierarchical process model, TOPSIS model.

Full-Text [PDF 2591 kb]   (2377 Downloads)