Information security risk analysis

Information security risk analysis becomes an increasingly essential component of organization’s
operations. Traditional Information security risk analysis is quantitative and qualitative analysis methods.
Quantitative and qualitative analysis methods have some advantages for information risk analysis.
However, hierarchy process has been widely used in security assessment. A future research direction may
be development and application of soft computing such as rough sets, grey sets, fuzzy systems, generic
algorithm, support vector machine, and Bayesian network and hybrid model. Hybrid model are developed
by integrating two or more existing model. A Practical advice for evaluation information security risk is
discussed. This approach is combination with AHP and Fuzzy comprehensive method.