Method of Information Security Risk Assessment Based on Improved Fuzzy Theory of Evidence

A method based on improved fuzzy theory of evidence was presented to solve the problem that there exist all kinds of uncertainty in the process of information security risk assessment. The hierarchy model for the information systems risk assessment was established firstly, and then fuzzy sets were introduced into theory of evidence. The basic probability assignments were constructed using the membership function of fuzzy sets, and the basic probability assignments were determined. Moreover, weight coefficients were calculated using entropy weight and empirical factor, which combined the objective weights with the subjective ones, and improved the validity and reliability. An illustration example indicates that the method is feasible and effective, and provides reasonable data for constituting the risk control strategy of the information systems security