Research On The Quantitative Methods Of Information Security Risk Assessment Based On AHP

With the continuous development of information technology and social deepening dependence on information systems, the security issues of information systems are getting more attention. However, it is not enough to solve these problems solely from the technical aspect. We should, of course, standing the engineering point of view, analysis and solve these problems systematically. But, the foundation to solve the problem of information security is the information security risk assessment. Through the information security risk assessment, we know that what the system’s security situation is, then we take the appropriate measures to reduce the risk of the system to an acceptable level.This paper focuses on information security risk assessment. It first introduces the research background and significance of information security risk assessment, and describes the development of domestic and international information security risk assessment, and provides an overview of information security risk assessment methods. Then it describes the theoretical achievements of domestic and international information security risk assessment, and proposes the general information security risk assessment process according to China GB.Based on the above, the information security risk assessment methods were studied:(1) Based on the phenomenon that apply the traditional Analytic Hierarchy Process to establish the judgment matrices are over-reliance on subjective personal preference assignment, so the information security risk assessment method based on Analytic Hierarchy Process and information entropy is proposed to reduce the subjectivity of personal preferences.(2) When we determine the risk of the entire system, by definition, degree of risk is the likelihood estimator of risk probability and risk impact. Because there is a certain fuzzy in the assessment of risk probability and risk impact, we apply fuzzy theory and Analytic Hierarchy Process in risk assessment of information security.(3) Focused on the complexity and uncertainty of the information security risk assessment, the Artificial Neural Networks is applied in risk assessment of the entire system, and the Analytic Hierarchy Process is used to process the neural network’s input. Therefore, the information security risk assessment method based on the analytic hierarchy process and Artificial Neural Networks is proposed. The simulation examples of each method applied in the information security risk assessment are described. And to illustrate the effectiveness of the methods, the comparison between the results of the methods and other methods are carried out.