Abstract

Evaluating risks is essential for ensuring security preparedness from the perspective of technology and information security management. The proposed project aims to develop an IT security system grounded in risk analysis to create a cybersecurity decision support model. In this study, a public retail corporation with over 60 subsidiaries and an on-premises and cloud-based information technology ecosystem was examined. The proposed model focuses on reducing the security threats to the retail industry by acquiring the optimal security system. In this model, the risk was analyzed using the eight steps of the OCTAVE Allegro method. Based on the OCTAVE Allegro method, the proposed model yielded effective results in reducing security threats and demonstrated a correlation between risk and the importance of cybersecurity compliance evaluations in addressing these threats. Furthermore, this study contributed to strategic policymakers by providing recommendations for decision support in cyber security. The recommendations were designed to determine the most effective steps in the process of developing the security system of information technology. In addition, the risk analysis and evaluation of cybersecurity compliance in this research can assist businesses in formulating policies that will develop capable and efficient information technology security systems.