In today's digital age, the banking sector faces increasing challenges in ensuring operational resilience, protecting customer assets, and maintaining a competitive edge. Prioritizing information security risk management (ISRM) practices is crucial to effectively address these challenges. This paper aims to demonstrate the effectiveness of the multi-criteria decision-making (MCDM) method in evaluating and improving ISRM practices in Yemeni banks. The study employs an integrated CILOS-TOPSIS model, considering two criteria and five sub-criteria, with criteria weights determined using the CILOS method. The results highlight the significance of specific criteria in ISRM, with the existence of a comprehensive business continuity and disaster recovery plan (C2.1) standing out as a top priority (weight: 0.266). Additionally, the frequency of data backups and the presence of an active backup policy (C2.2) and the adequacy of physical security measures (C1.1) are identified as crucial factors (weights: 0.228 and 0.203, respectively). Furthermore, the TOPSIS method is employed to rank 13 banks based on these criteria, revealing the top-performing banks as B10, B4, B13, B1, and B12. Conversely, the 7th, 5th, and 6th ranked banks require attention for improvement. The paper provides comprehensive details on criteria weighting, bank ranking, and recommendations for enhancements. The findings presented in this paper offer valuable insights to decision-makers in the banking sector, enabling them to effectively guide their efforts and allocate resources to areas, controls, and banks that require greater attention.
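As an added illustration, not code from the paper, the following Python block runs the TOPSIS ranking stage over the three CILOS weights the abstract reports (C2.1 = 0.266, C2.2 = 0.228, C1.1 = 0.203). The two remaining sub-criterion weights, the 1-to-5 assessment scores and the bank names are constructed assumptions, as are the labels `C1.x` and `C2.x`.

```python
import math

# Sub-criterion weights. Three values are the CILOS weights reported in the
# abstract; the two marked ASSUMED are constructed so that the five sum to 1.0.
WEIGHTS = {
    "C2.1": 0.266,  # business continuity / disaster recovery plan (from paper)
    "C2.2": 0.228,  # backup frequency and active backup policy (from paper)
    "C1.1": 0.203,  # adequacy of physical security measures (from paper)
    "C1.x": 0.160,  # ASSUMED: remaining sub-criterion under criterion C1
    "C2.x": 0.143,  # ASSUMED: remaining sub-criterion under criterion C2
}

# Constructed sample: assessment scores (1 = weakest, 5 = strongest) for four
# hypothetical banks, one row per bank in WEIGHTS order. All five are benefit
# criteria, so a higher score is always better.
SAMPLE_SCORES = {
    "BankA": [5, 5, 5, 5, 5],
    "BankB": [4, 3, 5, 2, 3],
    "BankC": [2, 4, 3, 4, 5],
    "BankD": [1, 2, 2, 1, 2],
}


def topsis(scores, weights):
    """Return {alternative: relative closeness to the ideal solution} in [0, 1]."""
    names, crit = list(scores), list(weights)
    cols = range(len(crit))
    # 1. Vector-normalise each criterion column so different scales are comparable.
    norms = [math.sqrt(sum(scores[n][j] ** 2 for n in names)) for j in cols]
    # 2. Apply the CILOS weights to the normalised decision matrix.
    weighted = {n: [weights[c] * scores[n][j] / norms[j]
                    for j, c in enumerate(crit)] for n in names}
    # 3. Positive ideal = best value per criterion, negative ideal = worst
    #    (all criteria are benefit criteria here, so max is best).
    pis = [max(weighted[n][j] for n in names) for j in cols]
    nis = [min(weighted[n][j] for n in names) for j in cols]
    # 4. Euclidean separation from each ideal, then relative closeness.
    closeness = {}
    for n in names:
        d_plus, d_minus = math.dist(weighted[n], pis), math.dist(weighted[n], nis)
        # Guard: identical alternatives sit on both ideals at once.
        closeness[n] = 0.5 if d_plus + d_minus == 0 else d_minus / (d_plus + d_minus)
    return closeness


def rank(scores, weights):
    """Alternatives ordered best-first by TOPSIS closeness (rank 1 first)."""
    closeness = topsis(scores, weights)
    return sorted(closeness, key=closeness.get, reverse=True)


if __name__ == "__main__":
    for pos, bank in enumerate(rank(SAMPLE_SCORES, WEIGHTS), start=1):
        print(pos, bank, round(topsis(SAMPLE_SCORES, WEIGHTS)[bank], 3))
```

A bank that scores best on every sub-criterion coincides with the positive ideal and gets closeness 1.0; one that scores worst everywhere coincides with the negative ideal and gets 0.0, which is the sanity check to run before trusting a full 13-bank ranking.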