Dokuz Eylul University
Increasing complexity of risk management requires the use of more flexible approaches to measure information security risk. Adapting complex risk analysis tools in today's information systems is a very difficult task due to the shortage of reliable data. Analytic Hierarchy Process Group Decision Making (AHP-GDM) offers a technical support for risk analysis by taking the judgements of managers and systematically calculating the relative risk values. This paper presents how Bayesian Prioritization Procedure (BPP) provides a more effective way of risk assessment than proposed by the conventional approaches used in AHP-GDM.