Abstract

Information security risk management plays an increasingly important role in enterprises with the constant improvement of computer and communications technology. In this paper, an information security risk management method is proposed to ranking available risk controls quantitatively with the help of PROMETHEE methodology considering the criteria concerned. The weights of criteria are obtained by AHP method. Given the preference function, the criteria values and criteria weights of decision-makers, "leaving flow" "entering flow" and "net flow" of each preparation program is calculated to compare advantages and disadvantages of control measurements, then the complete sequence is obtained. Finally, an example is given to illustrate the application of the proposed method. The major contribution of this work is to make available a control ranking model, considering multiple criteria analysis and the interests of different decision makers, for a security control plan to be carried out.