Quantitative risk analysis method of information security-Combining fuzzy comprehensive analysis with information entropy

Cited by: 11
Authors
Cheng Y.-D. [1]
He J.-D. [2]
Hu F.-G. [3]
Affiliations
[1] Anhui University of Science and Technology, Huainan, 232001, Anhui
[2] Anhui Vocational & Technical College of Industry & Trade, Huainan, 232007, Anhui
[3] SuZhou University, SuZhou, 234000, Anhui
Source
Cheng, Yuan-Dong (andoncheng@foxmail.com) | Year: 1600 / Volume: Taru Publications / Issue: 20
Keywords
Fuzzy comprehensive analysis; Information entropy; Information security; Quantitative method; Risk assessment
DOI
10.1080/09720529.2016.1178913
Abstract
Quantitative risk assessment method based on information entropy: Because there was a shortage of effective ways to assess the risk level of the whole information system, I brought information entropy into the risk assessment of information security. The definition of risk degree was given first, which was the likelihood estimate of the probability and impact of risk, to scale the risk degree of the whole information system. Since the evaluations of the probability and impact of risk were fuzzy, the risk factors were evaluated by means of the fuzzy comprehensive evaluation method. For this method, the weight of each risk would be obtained from the entropy-weight coefficient; the subjectivity of expert assignment will be overcome. The risk degree will be obtained by combining fuzzy comprehensive evaluation with information entropy, to measure the risk degree of the information system. In the paper I gave examples to show the application of this method. © 2016 Taru Publications.
Pages: 149 / 165
Number of pages: 16
Related papers
50 in total
  • [1] Information security risk analysis model using information entropy
    Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
    Unknown
    Beijing Youdian Daxue Xuebao, 2008, 2 (50-53):
  • [2] Comprehensive analysis of the security risk of information system
    Song, Rushun
    Jisuanji Gongcheng/Computer Engineering, 2000, 26 (12): 33 - 34
  • [3] Information security risk analysis model based on entropy
    Tang, Y. L.
    Xu, G. A.
    Niu, Y. X.
    Yang, Y. X.
    2008 PROCEEDINGS OF INFORMATION TECHNOLOGY AND ENVIRONMENTAL SYSTEM SCIENCES: ITESS 2008, VOL 4, 2008, : 1146 - 1150
  • [4] Fuzzy tool for conducting information security risk analysis
    Bartos, Jiri
    Walek, Bogdan
    Klimes, Cyril
    Farana, Radim
    2014 15TH INTERNATIONAL CARPATHIAN CONTROL CONFERENCE (ICCC), 2014, : 28 - 33
  • [5] ISRAM: information security risk analysis method
    Karabacak, B
    Sogukpinar, I
    COMPUTERS & SECURITY, 2005, 24 (02) : 147 - 159
  • [6] Risk Assessment of Reservoir by Fuzzy Comprehensive Evaluation Method Based on Information Entropy
    Song, Yongjia
    Jin, Congcong
    Zhang, Xiancai
    Li, Jing
    CIVIL ENGINEERING, ARCHITECTURE AND SUSTAINABLE INFRASTRUCTURE II, PTS 1 AND 2, 2013, 438-439 : 1612 - 1618
  • [7] A Business Aware Information Security Risk Analysis Method
    Sadok, M.
    Spagnoletti, P.
    INFORMATION TECHNOLOGY AND INNOVATION TRENDS IN ORGANIZATIONS, 2011, : 453 - 460
  • [8] The Information Security Risk Assessment Based on Fuzzy Comprehensive Evaluation
    Li Guohong
    Cai Yongkai
    PROCEEDINGS OF THE 15TH INTERNATIONAL CONFERENCE ON INDUSTRIAL ENGINEERING AND ENGINEERING MANAGEMENT, VOLS A-C, 2008, : 2027 - 2031
  • [9] Fuzzy Application With Expert System for Conducting Information Security Risk Analysis
    Bartos, Jiri
    Walek, Bogdan
    Klimes, Cyril
    Farana, Radim
    PROCEEDINGS OF THE 13TH EUROPEAN CONFERENCE ON CYBER WARFARE AND SECURITY (ECCWS-2014), 2014, : 33 - 41
  • [10] Information security risk analysis model using fuzzy decision theory
    Henriques de Gusmao, Ana Paula
    Camara e Silva, Lucio
    Silva, Maisa Mendonca
    Poleto, Thiago
    Cabral Seixas Costa, Ana Paula
    INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, 2016, 36 (01) : 25 - 34