The information security risk assessment based on AHP and fuzzy comprehensive evaluation

Abstract

Information security risk assessment is the most fundamental basis of the risk management about information security. Moreover, the objectivity and accuracy of information security risk assessment play an important role to safeguard the information system security. Through the study on the information security risk of the network system in a university, we firstly build an index system of information security risk assessment and analyze the functions of its essential elements in detail. Then, based on AHP and fuzzy comprehensive evaluation, an information security risk assessment method is proposed to effectively resolve the quantitative assessment problems of qualitative indicators in the risk assessment. An actual instance shows that the method is of strong rationality and effectiveness, and it can be better applied to information security risk assessment.