1. Information Security Risk Assessment Methodology Research: Group Decision Making and Analytic Hierarchy Process
- Author
-
Wei Guangfu, Zhang Xin, Zhang Xinlan, and Huang Zhifang
- Subjects
IT risk management ,Risk management plan ,Risk analysis (engineering) ,business.industry ,Risk analysis (business) ,Computer science ,Analytic hierarchy process ,Security management ,Factor analysis of information risk ,business ,Risk assessment ,Risk management - Abstract
Information security risk can be measured by probability of the potential risk incident and its impact. Various quantitative methodologies are given to compute information security risks, but among the existed research, seldom of them considered the difficulties of obtaining data of risk probability and risk impact. Considering the efficiency and operability of collecting data, as well as the effectiveness of output for risk management support, this paper presents a risk assessment methodology for information systems security with the application of group decision making and analytic hierarchy process methods. Procedure of this methodology is provided, and a test case is given to illustrate the effectiveness of this methodology.
- Published
- 2010