Information Security Risk Assessment Based on Analytic Hierarchy Process

Information security risk assessment is an important component of information systems security engineering, and the choice of assessment method has a direct impact on the final results of the assessment. The assessment process, however, involves too many elements. How to find the optimal elements among them, so as to simplify the calculation of the risk value and provide a strong basis for taking relevant measures, is a problem that needs to be solved. In addition, the reliability of the risk assessment results cannot be guaranteed by a single qualitative or quantitative assessment method alone. With the Analytic Hierarchy Process (AHP), the relative weight of each element related to information security risk can be calculated. The optimal indicators, which provide a strong basis for taking relevant measures, can then be selected by sorting the element weights, reducing the number of indicators. Moreover, because AHP combines qualitative and quantitative assessment, it can overcome the shortcomings of a single qualitative or quantitative assessment method.
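The weighting and selection step described above, as an added example that is not taken from the paper: AHP weights are computed from a pairwise comparison matrix, checked with Saaty's consistency ratio, and sorted to keep the top indicators. The element names, the judgments, the use of power iteration and the 0.10 consistency threshold are assumptions made for illustration.

```python
# Saaty's random consistency index (RI) for matrix orders 1..9.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

# Constructed sample: element names and pairwise judgments are assumptions.
# A[i][j] says how much more important element i is than element j (1-9 scale).
ELEMENTS = ["asset value", "threat frequency",
            "vulnerability severity", "existing controls"]
JUDGMENTS = [[1,   3,   2,   5],
             [1/3, 1,   1/2, 3],
             [1/2, 2,   1,   4],
             [1/5, 1/3, 1/4, 1]]


def ahp_weights(matrix, iterations=200, tol=1e-12):
    """Return (weights, lambda_max, consistency_ratio) for a reciprocal matrix."""
    n = len(matrix)
    if n not in RANDOM_INDEX:
        raise ValueError("matrix order must be between 1 and 9")
    for i in range(n):
        for j in range(n):
            if matrix[i][j] <= 0 or abs(matrix[i][j] * matrix[j][i] - 1) > 1e-9:
                raise ValueError(f"not a positive reciprocal matrix at ({i},{j})")
    w = [1.0 / n] * n
    for _ in range(iterations):
        nxt = [sum(a * x for a, x in zip(row, w)) for row in matrix]
        total = sum(nxt)
        nxt = [x / total for x in nxt]
        converged = max(abs(a - b) for a, b in zip(nxt, w)) < tol
        w = nxt
        if converged:
            break
    # lambda_max is estimated as the mean of (A w)_i / w_i.
    aw = [sum(a * x for a, x in zip(row, w)) for row in matrix]
    lam = sum(v / x for v, x in zip(aw, w)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    return w, lam, (ci / ri if ri else 0.0)


def select_indicators(names, matrix, keep, max_cr=0.10):
    """Rank elements by AHP weight and keep the top `keep`, rejecting
    judgment sets whose consistency ratio exceeds max_cr."""
    w, _, cr = ahp_weights(matrix)
    if cr > max_cr:
        raise ValueError(f"inconsistent judgments (CR={cr:.3f}); revise them")
    ranked = sorted(zip(names, w), key=lambda p: p[1], reverse=True)
    return ranked[:keep]
```

Calling `select_indicators(ELEMENTS, JUDGMENTS, keep=2)` returns the two highest-weighted elements with their weights; a judgment set that fails the consistency check raises instead of producing a ranking.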
