A new information security risk analysis method based on membership degree

Purpose - In a risk analysis system, different underlying indices often play different roles in identifying the risk scale of the total target in a system, so a concept of discriminatory weight is introduced first. With the help of discriminatory weight and membership functions, a new method for information security risk analysis is proposed. The purpose of this paper is to discuss the above issues. Design/methodology/approach - First, a concept of discriminatory weight is introduced. Second, with the help of fuzzy sets, risk scales are captured in terms of fuzzy sets (namely their membership functions). Third, a new risk analysis method involving discriminatory weights is proposed to realize a transformation from the membership degrees of the underlying indices to the membership degrees of the total target. At last, an example of information security risk analysis shows the effectiveness and feasibleness of the new method. Findings - The new method generalizes the weighted-average method. The comparative analysis done with respect to other two methods show that the proposed method exhibits higher classification accuracy. Therefore, the proposed method can be applied to other risk analysis system with a hierarchial. Originality/value - This paper proposes a new method for information security risk analysis with the help of membership functions and the concept of discriminatory weight. The new method generalizes the weighted-average method. Comparative analysis done with respect to other two methods show that the proposed method exhibits higher classification accuracy in E-government information security system. What is more, the proposed method can be applied to other risk analysis system with a hierarchial.