Font Size: 

Identifying potentially risks occur at present in Malaysia can be quite a difficult task. This occurs as a result of modernization and new technologies drive new factors that influence new risk. The current risk analysis tools are not able to analyze it well. The impact of rapid technological development, information security risk analysis is an important action and components required for an organization operation, especially for organizations that involve business. There are traditional method used previously which is qualitative and quantitative;both of this methods have their respective advantages for analyzing the information. An organization must choose the appropriate tool to get the best results for them. . However, there are a variety of complicated risks arising as a result of the rapid economic and technological development. The hierarchy process has been widely used for safety assessment. As a result, future research direction may be development and application of soft computing such as rough sets, grey sets, fuzzy systems, generic algorithm, support vector machine, and Bayesian network and hybrid model .In addition, there are four key elements that need to be considered which is, security threats, business impact, security measures and their cost. There are many risk analysis tools that were developed every year. They have same target, which is to reduce the risk of causing a threat to the organization, but the tool attempt to hit the risk with different approach. Vulnerability of information security is extremely dangerous that could adversely affect the organization. The main purpose of this study was to compare the risk analysis tool which has been developed based on the performance of the tool.