Information security management is a part of information management, whose main task is to determine information goals and remove obstacles on the way of achieving such goals with providing necessary strategies. Information management is responsible to implement and control the performance of the organization`s security system while tries to keep it up to date. The purpose of information security management in an organization is maintaining different sorts of resources as software, hardware, information, communication and human resources.
The organization needs an integrated program against threats such as unauthorized access to information, environmental risks and dangers caused by users. In the present paper, the IT risk in an organization was assessed through an intelligent system benefiting from fuzzy analysis and certainty factors. As most of ambiguity samples have a level of belie, so doubt and the degree of membership were calculated as a part of output in the system and a better result achieved compared to previous methods.