International Association of Engineering and Management Education (IAEME)
Faced with multiple information security risks, organizations need to prioritize which risks to address among all risks that affect or have the potential to affect the organization. Organizations struggle in this process since the current approaches for comparing risks are rudimentary and rely on expert judgment. The research paper examines the approach to risk prioritization in leading risk management methodologies. This paper describes the decision-making process which results in the generation of a new index, "Relative risk benchmark", which guides an organization to take informed decisions about the allocation of resources towards mitigation of identified risks.