30 Information Security Risk Assessment Method Based on Multi-Objective Optimization
Published: 2013
In the field of information security, performing risk assessment on information systems is a significant issue. The ultimate goal of such assessment is to guide decision makers in finding a balance between “investment cost” and “security level”, so as to establish protection strategies and mitigation plans for classified asset risks. With the development of information security risk assessment methods, security assessment experts have gradually started to concentrate on the suitable risk issue, which includes highest, lowest and preferred risk. A pressing problem is how to find the suitable risk from massive risk evaluation data quickly and efficiently, so that it can be applied to enterprise management and decision making. In this paper, on the basis of an in-depth comparison of existing multi-objective optimization techniques, Skyline and Top-k query methods are implemented in the information security assessment system to deal with the suitable risk issue in the assessment data. According to experimental results based on evaluation data sets with different distributions, Skyline and Top-k methods are able to efficiently conduct multi-objective decision making in risk assessment, and can also be implemented in risk assessment systems to deal with the suitable risk assessment issue.
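The following added example (not code from the paper) illustrates the two query types named in the abstract on the cost-versus-security trade-off: a Skyline query returns the mitigation plans that no other plan beats on both objectives, and a Top-k query ranks plans under a stated preference. The plan names, the two attributes and their scales, the weights, and the weighted-sum scoring function are all assumptions, since the abstract does not specify the data model or algorithms used.

```python
import heapq
from typing import NamedTuple

class Plan(NamedTuple):
    name: str
    cost: float  # investment cost (constructed units); lower is better
    risk: float  # residual risk score after mitigation; lower is better

# Constructed sample data, not taken from the paper.
PLANS = [
    Plan("A", 10, 9.0),
    Plan("B", 25, 6.5),
    Plan("C", 30, 7.0),   # dominated by B (costlier and riskier)
    Plan("D", 60, 3.0),
    Plan("E", 65, 3.0),   # dominated by D (same risk, higher cost)
    Plan("F", 120, 1.5),
    Plan("G", 130, 4.0),  # dominated by D and F
]

def dominates(a, b):
    """a dominates b: no worse on both objectives, strictly better on one."""
    return (a.cost <= b.cost and a.risk <= b.risk
            and (a.cost < b.cost or a.risk < b.risk))

def skyline(plans):
    """Plans not dominated by any other plan (the Pareto front)."""
    return [p for p in plans if not any(dominates(q, p) for q in plans)]

def top_k(plans, k, w_cost, w_risk):
    """k best plans under a weighted sum of min-max normalised objectives."""
    lo_c, hi_c = min(p.cost for p in plans), max(p.cost for p in plans)
    lo_r, hi_r = min(p.risk for p in plans), max(p.risk for p in plans)

    def score(p):
        c = (p.cost - lo_c) / (hi_c - lo_c) if hi_c > lo_c else 0.0
        r = (p.risk - lo_r) / (hi_r - lo_r) if hi_r > lo_r else 0.0
        return w_cost * c + w_risk * r

    return heapq.nsmallest(k, plans, key=score)

if __name__ == "__main__":
    print("skyline:", [p.name for p in skyline(PLANS)])
    print("top-3, risk-averse:", [p.name for p in top_k(PLANS, 3, 0.3, 0.7)])
    print("top-2, cost-averse:", [p.name for p in top_k(PLANS, 2, 0.7, 0.3)])
```

With these weights the risk-averse Top-k result includes plan E, which the Skyline excludes as dominated: Top-k depends on the chosen scoring function, while the Skyline needs no weights but can return many candidates.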