عنوان مقاله [English]
Purpose of this study was to identify and prioritize the effective risks of information security management systems in Aghajari oil and gas exploitation company. Statistical population of this study was 20 senior managers, middle managers and senior IT experts in the company, who were highly skilled in the field of information security of this organization. This expert team was questioned both in the identification stage and in the prioritization of risks. To select these people, we tried to use the "judiciary" method and all well-known and knowledgeable individuals in the Aghajari oil and gas exploitation company participate in the research process in the field of research. Main tools for collecting data in this research were three questionnaires designedthe first questionnaire was designed. The aim of identifying risks and being semi-structured, Second questionnaire was designed with the aim of screening the identified risks in closed form and based on the five-choice Likert scale, Finally, the third questionnaire was designed with the aim of determining the principal risk weights (paired comparisons) as well as determining the priority of sub-risk (five-choice spectrum). After distributing and collecting data, the necessary analyzes were performed through SPSS, ExpertChoice and Excel software. In this process, analyzes were performed such as t-test, Kolmogorov-Smirnov test, hierarchical analysis process, and topsis test. Finally, the research results identified 27 risks in four general categories. It should be noted that this research is in terms of its purpose in terms of the survey approach and the type of development studies.