Assessing Information Security Risk Using Markov Chain

[1] Information leakage occurs several times in universities in recent years. In this article, we propose a risk assessment method based on Markov chain for universities to evaluate risks using menace index. After identifying the assets and threats in universities, we use a survey data of university risks to find out the probability of the occurrence of each threat. Markov chain is used to indicate the probability of future. The result of a predicted severity sequence of risks can be useful to universities which risks they should pay more attention to. Two methods are used in the Markov part: One is the traditional way to set the initial probability matrix; the other is a statistical probability to present each menace in the initial probability matrix. After comparison, we found that the second method is more precise for risk assessment.