An Information Security Threat Assessment Model based on Bayesian Network and OWA Operator

Information security threat assessment involves two aspects, namely, technology and management. A great amount of uncertainties exist in the assessment, which cannot be strictly quantized. Thus, the completely objective information security risk assessment is hard to realize. To this end, this research proposed an information security threat assessment model based on Bayesian Network (BN) and OWA operator. Firstly, with the integration of expert knowledge, the conditional probability matrix of reasoning rules in BN was clarified, as a basis of the establishment of information security threat assessment model. Then, with the group-decision method of OWA operator, the subjective judging information of experts on the threat level of target information system was integrated, which was taken as the prior information of the threat level of target information system. Meanwhile, with the observation nodes of objective assessment information, subjective and objective security threat level was integrated, which realized the continuity and accumulation of the security assessment. Finally, the rationality and effectiveness of this model were verified through the simulation example.