Skip to Main Content
With the rapid development of information process, how to ensure the security and reduce the potential risks of the information systems has been the focus of scholars at home and abroad, and risk assessment is one of the effective ways to solve this problem. However, there are some difficulties in the process of risk assessment, such as evaluation indicators are difficult to be quantified, the risk values are difficult to be defined, and so on. Therefore, this article proposes Fuzzy Gray Relational Analysis based for Information Security Risk Assessment. It constructs the risk evaluation indicator first, then the relational degrees of the benchmark information systems and the evaluation information systems are analyzed and are assessed by Gray Relational Analysis, and the relative risks of each information systems are obtained finally by the relational degrees. The method can be simplified and standardized in the evaluation process.