Information security risk assessment based on two stages decision model with grey synthetic measure

To solve the fuzziness and uncertainty from many aspects on information security risk assessment, this paper proposes the information security risk assessment approach based on two stages decision model with grey synthetic measure. Firstly, the assessment criteria weights are determined by means of the combination of Delphi method and the adjacent criterion comparison method, and the grades of assessment results are determined; secondly, unity grey clustering coefficients or decision coefficients with synthetic measure are computed by grey clustering theory; at last, the grey classes of objects are determined and objects are squenced by risk values. Through case study, this method solves the uncertainty in parameter values and other factors, reduces the subjectivity of assessment process, and provides a new thought to information security risk assessment.