| With the advent of the information society,the application of informationsystems become more and more widely used,Security of information systems hasbeen becoming the focus of attention. the requirement that Solving the problem ofinformation system security has become more and more strongly,and effective riskassessment is one of the most important way to solve the problem.It is known to all that Risk assessment has two different ways, and one of them isqualitative, and the other is quantitative. qualitative risk assessment methods areoften unable to give an intuitive result, while the results of the evaluation are overlydependent on the experience of experts, and accidental error has cropped either.Meanwhile, the wider application of quantitative risk assessment algorithms includingthose based on AHP, and on fuzzy comprehensive, and on wavelet analysis, and on BPneural network, are exist different limitations, after reading and learning thesealgorithms, we know that decomposition of hierarchy step by step,It can be refinedto the smallest element, we can solve the target layer by the weight of all factors,Infact,With the increased of levels,the number of factors increased gradually,It isdifficult to through the "consistency" test, and the calculation is very complicated andthe requirements of assessors Increased either. Therefore the task is difficult tocontinue, In this paper, I introducing a comprehensive theory of fuzzy mathematics,and propose an improved risk assessment methods to suit the situation demands.The "Information Security Risk Assessment Guide" has proposed the basicmodel of risk assessment, which is very simple and clear, and it bear all basicelements, however, the calculation for basic elements is still fuzzy and unclear, theoperator is difficult to give precise assess in the model. As a result,assessment can notkeep going or assessment is not accurate. We proposed a more detailed, and moreoperational risk assessment model to solve the above problems.Overall, the main work and innovation of this paper include the followingcontent:1、the paper proposed based on AHP and fuzzy risk assessment method,In orderto overcome the drawbacks of AHP itself, we introduce the concept of fuzzymathematics, making the evaluation process can be carried out smoothly,so wepropose a hierarchical analysis based on fuzzy comprehensive risk evaluationmethod,put the probability of threat occurring, vulnerability of assets, and existingsecurity measures combine to make a comprehensive analysis,we use analytichierarchy fuzzy comprehensive risk assessment to calculate the possibility of riskevents.2、the paper proposed A risk assessment based on group decision Entropy andhierarchical analysis, entropy can be used to obtain the weight of each risk factor,which can reduce the error caused by subjective preferences and influence3、Based on risk assessment model to quantify proposed by "InformationSecurity Risk Assessment Guide". as the model is too simple and still not detailedenough, we propose a quantitative model to improve risk assessment, some of the factors will be refined, making the entire framework more detailed, complete, andmore operational... |
PDF Full Text Request