Comprehensive Evaluation Based on Gray Relation Analysis for Information Security Management Measurement

• Published in: 2010 International Conference of Information Science and Management Engineering Vol. 1; pp. 143 - 146
• Main Authors: Xi-quan Guo, Wei-qi Luo, Guo-xiang Yao
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.08.2010
• Subjects: Arrays; Biological system modeling; comprehensive evaluation; gray relation analysis; Information security; Information security management measurement; ISO standards; Organizations; Standards organizations
• ISBN: 9781424476695; 1424476690
• DOI: 10.1109/ISME.2010.8

The purpose of this paper is to study the comprehensive evaluation method for Information Security Management Measurement (ISMM). An organization's information security management performance would be assessed from three dimensions: implementation, effectiveness and input. Each dimensional evaluation value and final result can be calculated by gray relation analysis. A cube model for ISMM is then presented and it is capable of providing valuable results for managers since it is based on managing, technical and economic considerations. Under the circumstance that ISMM is mainly concerned about indicators of microcosmic level and frameworks of macro level, the advance of comprehensive evaluation based on gray relation analysis benefits building a more integrated ISMM system.