Presenting a Model for Ranking Organizations Based on the Level of the Information Security Maturity

Undoubtedly, in todayʹs new business information has donated the most competitive advantage for the organizations. Although just collecting, processing and retrieving of data were significant in the past, the subject of information security is turned into a serious challenge in micro and macro levels of organizational management. Indeed, observance of the information security principals is counted as a critical infrastructure in todayʹs knowledge based organizations. In order to realize this purpose, we need to make a strategic plan for IT security. However, we cannot expect to design a comprehensive plan, if we donʹt have accurate statistics about the level of the information security maturity in current organizations.The goal of this paper is ranking organizations about the level of the information security maturity by presenting a model based on the knowledge of multi criteria decision making. So, first of all, in the literature review, the models and different standards presented in the information security maturity were studied. After determining information security criteria in technical and managerial forms, considering the triple criteria of security, safety and stability, weight devoting was performed by using the expertʹs views in the IT departments of three chosen organizations A, B and C. Ultimately, ranking of these organizations based on the level of information security maturity was done by applying the algorithm of PROMETHEE II. In the final step there was a comparison between the result of this model and two other security maturity models. The same results show reliability and validity of proposed ranking mode