Journal of Beijing University of Posts and Telecommunications

  • EI Core Journal

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2009, Vol. 32 ›› Issue (5): 128-131. doi: 10.13190/jbupt.200905.128.371

• Reports

Algorithm of Information Security Risk Evaluation Based on OCTAVE and Grey System

WANG Xiao-zhen(1,2), LU Zhi-gang(1,2), LIU Bao-xu(1)

  1. Computing Center of Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China
  2. Graduate of University, Chinese Academy of Science, Beijing 100049, China
  • Received: 2008-12-15 Revised: 2009-06-01 Online: 2009-10-28 Published: 2009-10-28
  • Contact: WANG Xiao-zhen

Abstract:

To ensure assessment accuracy, an efficient algorithm that combines qualitative analysis with quantitative calculation is described. To collect the data, the algorithm uses the operationally critical threat, asset and vulnerability evaluation (OCTAVE) method, which defines the assets that need to be assessed and evaluates the administrative and technical vulnerabilities. To calculate the risk, grey theory is applied: a triangular whitenization weight function is used to compute the membership degrees, from which the risk level is then determined. This valuable method can be used in practical operations of information security risk assessment.

Key words: risk evaluation, grey system, normalization method
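
The grey-system step summarized in the abstract can be illustrated as follows. This is an added example, not code from the paper: it assumes the standard center-point form of the triangular whitenization weight function, and the three risk levels, their centers, the 0-10 scoring scale, the indicator names and the weights are all constructed for illustration.

```python
"""Grey clustering with triangular whitenization weight functions (added illustration)."""

LEVELS = ["low", "medium", "high"]           # assumed grey classes
CENTERS = [2.0, 5.0, 8.0]                    # assumed class centers on a 0-10 scale
POINTS = [-1.0] + CENTERS + [11.0]           # centers extended one step past each end


def triangular_weight(x, k):
    """Membership degree of score x in grey class k (peak 1.0 at the class center)."""
    left, peak, right = POINTS[k], POINTS[k + 1], POINTS[k + 2]
    if x <= left or x >= right:
        return 0.0
    if x <= peak:
        return (x - left) / (peak - left)
    return (right - x) / (right - peak)


def membership(x):
    """Membership degrees of one indicator score in every grey class."""
    return [triangular_weight(x, k) for k in range(len(LEVELS))]


def evaluate(scores, weights):
    """Return (risk level, clustering coefficient per class) for weighted scores."""
    if set(scores) != set(weights):
        raise ValueError("scores and weights must cover the same indicators")
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("weights must sum to a positive value")
    coeffs = [0.0] * len(LEVELS)
    for name, x in scores.items():
        if not 0.0 <= x <= 10.0:
            raise ValueError(f"{name}: score {x} outside the 0-10 scale")
        for k, degree in enumerate(membership(x)):
            coeffs[k] += degree * weights[name] / total   # normalized weight
    best = max(range(len(LEVELS)), key=coeffs.__getitem__)
    return LEVELS[best], coeffs


# Constructed sample: scores an OCTAVE-style workshop might assign (not from the paper).
SAMPLE_SCORES = {"asset_value": 8.0, "threat_likelihood": 7.0,
                 "technical_vulnerability": 5.0, "administrative_vulnerability": 3.5}
SAMPLE_WEIGHTS = {"asset_value": 0.3, "threat_likelihood": 0.3,
                  "technical_vulnerability": 0.2, "administrative_vulnerability": 0.2}

if __name__ == "__main__":
    level, coeffs = evaluate(SAMPLE_SCORES, SAMPLE_WEIGHTS)
    print(level, dict(zip(LEVELS, (round(c, 3) for c in coeffs))))
```

Between two adjacent centers the membership degrees of a score sum to 1, so the clustering coefficients read directly as how strongly the weighted evidence supports each risk level.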