A New Security and Privacy Risk Assessment Model for Information System Considering Influence Relation of Risk Elements

Considering the influence relations among risk assessment elements and the uncertainty generated in the security and privacy risk assessment process, this paper proposes a new security and privacy risk assessment model for information system which is based on DEMATEL-ANP combined with grey system theory. On the basis of risk assessment standard process, this model utilizes the DEMATEL method to identify risk assessment elements and evaluate comprehensive influence relations. Further, the model combines with ANP to solve the weight distribution ratio of the subordinate element of each evaluation elements. Finally the paper uses grey system theory to obtain grey evaluation matrix, and computes final security and privacy risk level. Examples simulation demonstrates that it is an effective method for information system on security and privacy risk assessment, which the model not only weighs up the association influence among the various evaluation factors in practical evaluation system, reduces the subjective evaluation, but also can effectively mitigate the uncertainty of expert evaluation.