A Grey Model for Evaluation of Information Systems Security

Quantitative security risk evaluation of information systems is increasingly drawing more and more attention. The purpose of this paper is to propose a novel method integrated grey relational analysis and grey-AHP evaluation to classification for information systems (IS) security. There are, of course, multiplicities of factors that will affect the security evaluation of information systems. Using grey relational analysis, we provided a tool to aid clients and their consultants in estimating or benchmarking the information systems security. It then provides a grey evaluation model of estimating the indicator system of information systems on the basis of the related reference, in which an evaluation methodology based on combination of grey evaluation method and Group-decision AHP method(Grey-AHP) for classifying grey clusters, calculating weights, creating an evaluation matrix and using comprehensive coefficient are presented. An example of practical application is given to show the effectiveness of this method. The result is believed to provide new means and ideas for the evaluation of IS security.