2016 Volume 23 Issue 2 Pages 17-24
With the increasing information technology, companies are dependent on information systems becomes higher. Thus, when the information system is compromised, due to the loss caused by information security incidents will increase. The company implemented information security management aims to protect all the information assets that should be protected. Currently, information systems are widely used and the information security has become a very significant business management issues. Information security risk management in financial institutions, production enterprises, e-commerce and many more industries to be applied to ensure the protection of personal information and information technology. In this study, we propose a method for determining the information security risk probability in a causal chain by using the Bayesian network.