Risk Analysis of Information System Security Based on the Evidence Distance

  • Conference paper
Proceedings of the 11th International Conference on Modelling, Identification and Control (ICMIC2019)

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 582)

Abstract

The configuration of an information system's security policy is directly related to the security risks faced by its information assets. The security policy configuration required by computer level protection ensures the optimal minimum configuration for the corresponding security level. Based on information entropy theory, this paper defines a corresponding evidence distance, obtains relevant evidence by investigating threats, security policy configuration, and system vulnerabilities, and calculates the evidence distance of a vulnerability being threatened according to that definition, thereby measuring system risk. Example analysis shows that this method provides an effective risk evaluation model for information systems that is intuitive and reliable, avoids the threat caused by subjective measurement, and shows performance benefits compared with existing solutions. Realizing a scientific analysis of information system security risk in this way is feasible both in theory and in practice.

Foundation Item

Supported by the Education Reform Project in Guizhou Province (SJJG201404), and Anshun College Aviation Electronics, Electrical and Information Network Guizhou Provincial University Engineering Technology Research Center Open Project (NO: HKDZ201406).

Correspondence to Ping Pan.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

Cite this paper

LingHu, J., Pan, P., Du, Y. (2020). Risk Analysis of Information System Security Based on the Evidence Distance. In: Wang, R., Chen, Z., Zhang, W., Zhu, Q. (eds) Proceedings of the 11th International Conference on Modelling, Identification and Control (ICMIC2019). Lecture Notes in Electrical Engineering, vol 582. Springer, Singapore. https://doi.org/10.1007/978-981-15-0474-7_33
