Skip to Main Content
Aim to treat uncertainty of information system security risk assessment, the writers proposed a risk assessment model combining grey relational analysis and Dempster-Shafer theory. In this model, the writers established an assessment index system and calculated the grey relational grades between the index values with different methods and the risk ratings of system. Subsequently, the grey relational grades for each risk rating were used to determine the basic probability assignment functions in Dempster-Shafer theory. The Dempster-Shafer evidence fusion strategy was applied to fuse the assessment ratings in different methods for assessment conclusion. The practical calculation result shows that the model is effective and feasible.