The Information Security Risk Assessment Model Based on Improved Electre Method

Abstract

Information security is a global problem and has attracted worldwide attention. Information security risk assessment is of great significance to understand the information security situation clearly and put forward pertinent measures. Information security risk assessment is system engineering, involving standards, technology, management and other factors. Owing to the complexity and uncertainty of information system, information system security assessment inevitably involves a certain degree of fuzziness. This paper brings forward the information system security assessment model based on improved Electre method with linguistic variables. First, a two-level index system for information system security is constructed based on the feasibility and maneuverability condition. Second, linguistic variables are adopted to represent evaluation values of second-level indicators and WAA operator is adopted to calculate the evaluation values for first level indicators. Then the improved Electre method is adopted to evaluate and rank the alternatives. The Results show that the improved Electre method is more effective and more practical for security risk assessment of information system.