Risk Assessment of Enterprises Information Security Based on Fuzzy Set and Entropy Weight

With the accelerating development of information, enterprises are becoming increasingly dependent on information systems, so ensuring information security has become the core work of enterprise information management. Traditionally, risk factors are classified into three aspects: asset, vulnerability and threat. This paper adds security prevention measures as a fourth aspect. After analyzing the four aspects based on fuzzy set theory, it constructs the membership matrix of the factors corresponding to the judge set. The weights of the risk factors are calculated with entropy theory to reduce subjective bias, and the comprehensive risk results are integrated to output the risk rating. An example application proves that the method is a feasible and effective method of assessment; the results have a certain theoretical significance and practical value.
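
The pipeline outlined in the abstract (membership matrix, entropy weights, comprehensive rating) can be sketched as follows. This is an added example, not the paper's own code. It assumes the common entropy-weight formulation (weight proportional to 1 minus normalized Shannon entropy) and the maximum-membership principle. The grade names and all matrix values are constructed for illustration.

```python
import math

# Assumed five-grade judge set; the paper's own grades are not given on this page.
GRADES = ["low", "relatively low", "medium", "relatively high", "high"]

# Constructed membership matrix: one row per risk aspect, one column per grade.
# Each entry is the share of assessors placing that aspect in that grade.
MEMBERSHIP = {
    "asset":               [0.10, 0.20, 0.40, 0.20, 0.10],
    "vulnerability":       [0.00, 0.10, 0.20, 0.50, 0.20],
    "threat":              [0.05, 0.15, 0.30, 0.30, 0.20],
    "prevention measures": [0.20, 0.20, 0.20, 0.20, 0.20],
}

def entropy_weights(matrix):
    """Weight each factor by 1 - H, where H is its normalized Shannon entropy."""
    n_grades = len(next(iter(matrix.values())))
    diversity = {}
    for name, row in matrix.items():
        total = sum(row)
        if total <= 0 or len(row) != n_grades or min(row) < 0:
            raise ValueError(f"invalid membership row for {name!r}")
        probs = [r / total for r in row]
        # 0 * ln(0) is taken as 0, so empty grades are skipped.
        h = -sum(p * math.log(p) for p in probs if p > 0) / math.log(n_grades)
        diversity[name] = max(0.0, 1.0 - h)
    spread = sum(diversity.values())
    if spread == 0:  # every row uniform: entropy cannot rank the factors
        return {name: 1.0 / len(matrix) for name in matrix}
    return {name: d / spread for name, d in diversity.items()}

def assess(matrix, grades):
    """Return (weights, comprehensive membership vector B = W . R, rating)."""
    weights = entropy_weights(matrix)
    b = [sum(weights[f] * matrix[f][j] for f in matrix) for j in range(len(grades))]
    total = sum(b)
    b = [x / total for x in b]
    # Maximum-membership principle: the grade with the largest share wins.
    rating = grades[max(range(len(b)), key=b.__getitem__)]
    return weights, b, rating

if __name__ == "__main__":
    weights, b, rating = assess(MEMBERSHIP, GRADES)
    for name, w in weights.items():
        print(f"{name:20s} weight={w:.3f}")
    print("B =", [round(x, 3) for x in b], "->", rating)
```

In the constructed data the "prevention measures" row is uniform, so its entropy is maximal and its weight is zero: under this formulation an aspect on which assessors are evenly split drops out of the rating, which is worth checking before relying on the result.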
