Abstract

Nowadays the security risk assessment play a crucial role, which is applied to the entire life cycle of information systems and communication technologies but still so many models for security risk assessment are non practical, therefore, it should be measured and improved. In this paper, a novel approach, in which Analytic Hierarchy Process (AHP) and Particles Swarm Optimization (PSO) can be combined with some changes, is presented. The method consists of; firstly, the analytic hierarchy structure of the risk assessment is constructed and the method of PSO comprehensive judgment is improved according to the actual condition of the information security. Secondly, the risk degree put forward is PSO estimation of the risk probability, the risk impact severity and risk uncontrollability. Finally, it gives examples to prove that this method Multi Objectives Programming Methodology (MOPM) can be well applied to security risk assessment and provides reasonable data for constituting the risk control strategy of the information systems security. Based on the risk assessment results, the targeted safety measures are taken, and the risk is transferred and reduced, which is controlled within an acceptable range.

This work is licensed under a Creative Commons Attribution 4.0 License.