Risk model development for information security in organization environment based on business perspectives
International Journal of Information Security (IF 2.4), Pub Date: 2020-04-19, DOI: 10.1007/s10207-020-00495-7
Prajna Deshanta Ibnugraha, Lukito Edi Nugroho, Paulus Insap Santosa

Digital information plays an essential role in supporting organizational business. However, incidents of sensitive information leakage often happen in organizational environments. Therefore, risk analysis needs to be performed to recognize the impact of information security threats on the organization. To carry out such risk analysis, a risk model is needed to map the risk of information security threats. Selecting a proper risk model provides proper risk analysis results. A proper risk model must have objectivity and appropriate context. However, most existing risk models focus on the technical approach and use expert judgment as a weighting method. Meanwhile, organizations use business perspectives to make decisions. Therefore, this study aims to fill the needs of organizations by developing a new risk model. The proposed risk model focuses on involving business aspects and reducing subjective methods. The proposed risk model also uses three processes to produce its output, i.e., adaptable classification data, data measurement and cross-label analysis. Test mining and categorical clustering are involved to handle those three processes. The proposed model is tested on 30 targets to define its abilities and limitations. The results show that the proposed model has advantages in objectivity, context approach and detailed output, while the limited scope of work is a weakness of these models.




Updated: 2020-04-19