Model of fuzzy risk assessment of the information system

Tongxin Xuebao/Journal on Communications

Volumn 28, Issue 4, 2007, Pages

  Zhao, Dong Mei ^a   Ma, Jian Feng ^a   Wang, Yue Sheng ^b  

^a XIDIAN UNIVERSITY   (China)

^b HEBEI NORMAL UNIVERSITY   (China)

Author keywords

Analytic hierarchy process; Entropy; Fuzzy logical method; Information security; Model; Risk assessment

Indexed keywords

FUZZY LOGICAL METHOD; INFORMATION SECURITY; RISK VALUE;

ANALYTIC HIERARCHY PROCESS; FUZZY LOGIC; PROBABILITY; RISK ASSESSMENT;

INFORMATION SYSTEMS;

EID: 34249989321     PISSN: 1000436X     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (16)

1. Trusted Computer System Evaluation Criteria [S]. US National Computer Security Center, NCSC 5200. 28-STD, 1985.
2. Information Technology Security Evaluation Criteria [S]. Provisional Harmonized Criteria of France, Germany, Netherlands, and United Kingdom, Commission of the European Communities, 1991.
3. The International Organization for Standardization. Information Technology-Code of Practice for Information Security Management, ISO/IEC 17799: 2000 (E) [S]. 1999.
4. The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation - Part 1: Tntroduction and General Model, ISO/IEC 15408-1: 1999 (E) [S]. 1999.
5. The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation - Part 2: Security Function Requirements, ISO/IEC 15408-2: 1999 (E) [S]. 1999.
6. The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation - Part 3: Security Assurance Requirements, ISO/IEC 15408-3: 1999 (E) [S]. 1999.
7. ZHANG Y R, XIAN M, WANG G Y. A quantitative evaluation technique of attack effect of computer network based on network entropy [J]. Journal on Communications, 2004, 25 (11): 158-165.
8. Centers for Medicare and Medicaid Services (CMS). CMS Information Security Risk Assessment Methodology [S].
9. CHENG X Y, WANG Y M, LIU Z L. A quantitative risk assessment model for information security [J]. Journal of Air Force Engineering University (Natural Science Edition), 2005, 6 (6): 56-59.
10. XU F Y, SHEN J, LI J Y. Study on comprehensive assessment method for network security based on AHP and ANN [J]. Computer Engineering and Applications, 2005, 29: 127-129.
11. ZHAO D M, ZHANG Y Q, MA J F. Fuzzy risk assessment of entropy-weight coefficient method applied in network security [J]. Computer Engineering, 2004, 30 (18): 21-23.
12. ZHAO D M, WANG J H, WU J, et al. Using fuzzy logic and entropy theory to risk assessment of the information security [A]. Proceedings of the 4th International Conference on Machine Learning and Cybernetics [C]. 2005. 2448-2453.
13. MUSTAFA M A, FALBAHAR J. Project risk assessment using the analytic hierarchy process [J]. IEEE Transactions on Engineering Management, 1991, 38 (1): 46-52.
14. FENG D G, ZHANG Y, ZHANG Y Q. Survey of information security risk assessment [J]. Journal on Communications, 2004, 25 (7): 10-18.
15. JHM T, CARR V. A proposal for construction project risk assessment using fuzzy logic [J]. Construction Management and Economics, 2000, 18: 491-500.
16. SUN T, ZHANG Y Q, MENG X W. Design of risk-assess tools based on BS7799 [J]. Computer Engineering, 2004, 30 (22): 63-66.