Method of Information Security Risk Assessment Based on Improved Fuzzy Theory of Evidence

Xuepeng Huang, Wei Xu

Abstract


A method based on an improved fuzzy theory of evidence is presented to address the many kinds of uncertainty that arise in the process of information security risk assessment. First, a hierarchy model for information systems risk assessment is established, and fuzzy sets are then introduced into the theory of evidence. The basic probability assignments are constructed and determined using the membership function of fuzzy sets. Moreover, weight coefficients are calculated using entropy weight and an empirical factor, which combines the objective weights with the subjective ones and improves validity and reliability. An illustrative example indicates that the method is feasible and effective, and that it provides reasonable data for formulating the risk control strategy for information systems security.


Keywords


theory of evidence; fuzzy sets; entropy weight; information systems; risk assessment


International Journal of Online Engineering (iJOE). ISSN: 1861-2121