پریسا موسوی - MSc. Student, Information Technology Management, Faculty of Accounting and Management, Kharazmi University of Tehran
رضا یوسفی زنوز - Assistant Prof., Faculty of Accounting and Management, Kharazmi University, Tehran, Iran
اکبر حسن پور - Assistant Prof., Faculty of Accounting and Management, Kharazmi University, Tehran, Iran

Most organizations need to information systems to survive and thrive. Therefore, they should seriously protect their information assets. Creating structured and justifiable exchanges between cost, security and mission control systems security risks is essential. This is important in the planning and development of such systems. Initial appropriate decisions can reduce costs and increase ease of control risk. The first step in the risk management process is the identification of risk. The purpose of this study is identifying the most important enterprise information security risks. This study is application and view research method is descriptive. In this study, a model is presented to identify information security risks, according to ISO ۲۷۰۰۲ and cobit ۴ and study the documents and using by fuzzy Delphi method and opinions of experts, which include ۱۰ of the IT professionals of the Bank, have been presented. In this template ۶ factors and ۲۰ subfactors of information security risk factors have been identified for the Bank.

Fuzzy Delphi, information security, risk identifying, Risk Management