Faculty of Management, University of Tehran Journal of Information Technology Management 2008-5893 7 1 2015 03 21 Identifying Organizational Information Security Risks Using Fuzzy Delphi شناسایی ریسک‌های امنیت اطلاعات سازمانی با استفاده از روش دلفی فازی در صنعت بانکداری 163 184 53555 10.22059/jitm.2015.53555 EN Parisa Mousavi MSc. Student, Information Technology Management, Faculty of Accounting and Management, Kharazmi University of Tehran Reza Yousefizenouz Assistant Prof., Faculty of Accounting and Management, Kharazmi University, Tehran, Iran Akbar Hasanpoor Assistant Prof., Faculty of Accounting and Management, Kharazmi University, Tehran, Iran Journal Article 2014 09 13 Most organizations need to information systems to survive and thrive. Therefore, they should seriously protect their information assets. Creating structured and justifiable exchanges between cost, security and mission control systems security risks is essential. This is important in the planning and development of such systems. Initial appropriate decisions can reduce costs and increase ease of control risk. The first step in the risk management process is the identification of risk. The purpose of this study is identifying the most important enterprise information security risks. This study is application and view research method is descriptive. In this study, a model is presented to identify information security risks, according to ISO 27002 and cobit 4 and study the documents and using by fuzzy Delphi method and opinions of experts, which include 10 of the IT professionals of the Bank, have been presented. In this template 6 factors and 20 subfactors of information security risk factors have been identified for the Bank. https://jitm.ut.ac.ir/article_53555_e7d253571231a0e9a2c9ef8db5456a67.pdf