The model of information security risk assessment based on advanced evidence theory

With regard to nonlinearity and uncertainty in information security risk assessment, and on the foundation of hierarchical structure of information security risk assessment, the paper proposed a model of information security risk assessment based on advanced D–S evidence theory. In terms of the extent of danger of various risk factors in the system, and through the advanced Dempster combination rule, the paper obtained risk values of the system by combining the assignment of basic probability of various risk factors in the index system. The simulative results proved that the method herein was free from disadvantages of existing assessment methods that had great randomness and fuzzy conclusion, and was more convergent and self-adaptive. © 2016, The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and The Division of Operation and Maintenance, Lulea University of Technology, Sweden.