Title :
The research and application of the risk evaluation and management of information security based on AHP method and PDCA method
Author_Institution :
Inst. of Sci. & Tech. Inf., Danzhou, China
Abstract :
To move information security risk evaluation from qualitative analysis to quantitative analysis, and to achieve dynamic, cyclical information security risk management, this paper uses Professor T.L. Saaty's AHP (Analytic Hierarchy Process) method for information security risk evaluation, obtaining the weights of the risk factors. After the risk factors are sorted by weight, Dr. W. Edwards Deming's PDCA (Plan-Do-Check-Action) cycle method is used to manage them, and the approach is applied to the S company as an empirical study. The results show that the method can be effectively applied to information security risk evaluation and management, and that it can provide experience and reference for information security risk evaluation and management in domestic and foreign small and medium enterprises.
Keywords :
analytic hierarchy process; information systems; risk management; security of data; small-to-medium enterprises; AHP; AHP method; PDCA cycle method; PDCA method; dynamic cycle; information security risk evaluation; plan-do-check-action; qualitative analysis; quantitative analysis; risk factors; small and medium enterprises; Companies; Equations; Information security; Mathematical model; PDCA; Risk Evaluation
Conference_Title :
Information Management, Innovation Management and Industrial Engineering (ICIII), 2013 6th International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-1-4799-3985-5
DOI :
10.1109/ICIII.2013.6703597