ABSTRACT
The emergence of the COVID-19 pandemic led several organizations around the world and in the most varied areas of activity, to move from the intention to implement a digital transformation in the medium/long-term, to an instant obligation to apply the digital transformation. The organizations’ ability to adapt immediately meant their survival and even in some cases a positive evolution of their business. The digital transformation applied in an abrupt way has uncovered some critical factors for its success. One of the most relevant factors will be information security. Many of the digital systems put into operation more intensively during the pandemic, have shown to be highly fragile on issues related to information security. One relevant problem of the organizations is the low effectiveness and efficiency of financial, human, and material resources, allocated to the reduction or mitigation of the risks identified in their information systems. This study aims to offer a new method for prioritizing security risks. The new proposed method directs the organizations resources to more effectively and efficiently actions to reduce or mitigate the identified vulnerabilities of the information system. © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.