Information Security Risk Assessment Based on Analytic Hierarchy Process

Author(s):  
Ming Xiang He ◽  
Xin An

Information security risk assessment was an important component of information systems security engineering, and the selection of assessment method had a direct impact on the final results of the assessment. But there were too many elements in the process of information security risk assessment. How to find the optimal elements among many, so as to simplify the calculation of risk value and provide a strong basis for taking relevant measures, was a problem that needed to be solved. In addition, the reliability of the risk assessment results could not be guaranteed through a single qualitative or quantitative assessment method alone. With the Analytic Hierarchy Process (AHP), the relative weight of elements related to information security risk could be calculated. Then the optimal indicators, which provided a strong basis for taking relevant measures, could be selected by sorting the weights of elements to reduce the number of indicators. Moreover, the Analytic Hierarchy Process, a method that combines qualitative and quantitative assessment, could overcome the shortcomings of a single qualitative or quantitative assessment method.

2014 ◽  
Vol 543-547 ◽  
pp. 3565-3568
Author(s):  
Xiao Qiang Peng ◽  
Ting Ting Lu

To solve the problem of difficult quantitative analysis in the process of information security risk assessment, on the basis of the original qualitative risk assessment method, the fuzzy analytic hierarchy process is put forward in order to realize the organic combination of subjective and objective assessment of risk factors. Based on the improvement of the analytic hierarchy process and fuzzy evaluation method, the two methods are organically combined. On the basis of the analysis and assessment of risk probability and impact of the incident, the risk rank of each risk factor is determined, and the information system risk control suggestions are given.


2014 ◽  
Vol 10 (2) ◽  
pp. 13-27 ◽  
Author(s):  
Ali Mohammad Padyab ◽  
Tero Päivärinta ◽  
Dan Harnesk

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.


2013 ◽  
Vol 756-759 ◽  
pp. 1469-1473
Author(s):  
Hong Chen

Cloud computing has recently gained tremendous momentum because of the potential for significant cost reduction and the increased operating efficiency in computing. However, along with these benefits come added security challenges. In this paper, we recommend that enterprises assess the security risk of cloud computing, discuss the standard information security risk assessment method and process, and propose an information security risk assessment framework for cloud computing environments.


2011 ◽  
Vol 187 ◽  
pp. 575-580 ◽  
Author(s):  
Ning Xu ◽  
Dong Mei Zhao

Information security risk assessment is an important part of security engineering in information systems. It has been the focus of research in the information security field worldwide. This paper designs and realizes a new model of information security risk assessment based on the AHP method. In this case, in order to estimate the network security risk by the AHP method, one should first identify the most related factors and establish the Threat Identification Hierarchical Model and the Vulnerability Identification Hierarchical Model for information security risks. Then, compare every two elements to determine the relative importance of each element. Finally, judge the comprehensive weight for each element. The case study shows that the method can easily be applied to the risk assessment of network security. The results are in accord with reality.

