Abstract

Intelligent network information systems, such as smart grid systems, face many security problems in sensing, communication and computing. Information security risk assessment is an important way to assess the threats an information system faces before risk events occur and to ensure the security of its assets. However, a comprehensive risk assessment of a system is a very resource-consuming process. Many existing risk assessment methods rely on a large number of experts and computing resources, and their results are vulnerable to differences in the experts' subjective judgments. Therefore, we propose FRAMB, a novel man-machine collaborative risk assessment method based on fitting upper and lower bounds. First, we present a risk assessment criterion comprising four categories and sixteen risk factors, following the ISO/IEC 27005:2018 standard. On this basis, we present the DFAHP and CM-NN assessment models to obtain the upper and lower bounds of the risk assessment value, which provide a reference for expert assessment. FRAMB integrates the experts' assessment value with the upper and lower bound values, and adjusts the weights of these values to give the final risk assessment value. We describe the risk assessment process of FRAMB in detail through a case study of smart grid system risk assessment. We evaluate the effectiveness and accuracy of FRAMB through experiments. The experimental results show that FRAMB can effectively and accurately assess the security risks of intelligent network information systems.
