Quantitative risk analysis method of information security-combining fuzzy comprehensive analysis with information entropyAuthor(s): Cheng Yuandong
Quantitative risk assessment method based on information entropy: Because there was short effective assessment way for the risk level of the whole information system. I brought the information entropy into risk assessment of information security. The definition of risk degree was given first, which was the Likelihood estimate of probability and impact of risk, to scale risk degree of the whole information system. Since the evaluation on the probability and impact of risk were fuzzy, the risk factors were evaluated by means of fuzzy comprehensive evaluation method. For this method, the weight of each risk would be gained by entropy-weight coefficient; the subjective of expert assignment will be overcome. The risk degree will be gained by combining fuzzy comprehensive evaluation with information entropy, to measure off the risk degree of information system. In the paper I gave examples to show the application of this method.