Information Security Risk Assessment Based on AHP/DST

Author

Ye Qing ; Zhang Changhong ; Wu Xiaoping ; Zhai Dingjun

Author_Institution

Dept. of Inf. Security, Naval Univ. of Eng., Wuhan, China

fYear

2009

fDate

20-22 Sept. 2009

Firstpage

1

Lastpage

4

Abstract

To enhance the security management on information systems, it is urgent to apply some effective approaches for assessing their security. In this paper, a novel approach, in which analytic hierarchy process (AHP) and Dempster-Shafer theory of evidence (DST) can be combined organically, is presented. In this approach, AHP is applied to acquire all propositions´ basic probability assignments (BPA) based on a large amount of experts´ opinion when assessing the security. Thus, the DST´s ability of dealing with uncertain information and AHP´s performance of quantitative and qualitative analysis may be utilized fully. Furthermore, a hierarchical risk assessment model for the information security is established. Finally, an illustrative example is given to explain the application of the proposed approach and its feasibility.

Keywords

information systems; risk management; security of data; AHP; DST; Dempster-Shafer theory of evidence; analytic hierarchy process; basic probability assignments; information security risk assessment; information systems; security management; Engineering management; Information analysis; Information management; Information security; Information systems; Management information systems; Performance analysis; Physics computing; Risk analysis; Risk management;

fLanguage

English

Publisher

ieee

Conference_Titel

Management and Service Science, 2009. MASS '09. International Conference on

Conference_Location

Wuhan

Print_ISBN

978-1-4244-4638-4

Electronic_ISBN

978-1-4244-4639-1

Type

conf

DOI

10.1109/ICMSS.2009.5301106

Filename

5301106