Abstract:
© 2016 IEEE. The risk assessment of any network or security system carries a high level of uncertainty, because probability and statistics have usually been used to evaluate the security of different cyber security systems. In this paper we use Shannon entropy to represent the uncertainty of the information used to calculate system risk, together with the entropy weight method, since the weight of the object index is normally used and points to the significant components of the index. We evaluate the risk of security systems in terms of different security layers and protections. The information system is analysed by the protections at its perimeter, network, host, application and data layers. The capability of the protections is measured by introducing the concept of protection effectiveness. We write a security evaluation algorithm to normalize the protection matrix and calculate the entropy and the entropy weight; we then use the weights and paths to evaluate and calculate the total risk in the system and give the system administrator clear guidance on the vulnerable security entities. We try to develop a novel approach to evaluating cyber security that is suitable for the majority of cyber systems by introducing the term security entities.
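The normalization, entropy and entropy-weight steps named in the abstract can be sketched with the standard entropy weight method. This is an added example, not the paper's own algorithm: the matrix values, the choice of rows as security entities and columns as layers, and all function names are assumptions, and the paper's path-based total-risk step is not reproduced.

```python
import math

LAYERS = ["perimeter", "network", "host", "application", "data"]

# Constructed sample data: protection effectiveness (0..1) of four
# hypothetical security entities (rows) at each layer (columns).
PROTECTION = [
    [0.90, 0.80, 0.60, 0.30, 0.70],
    [0.90, 0.70, 0.50, 0.90, 0.60],
    [0.90, 0.75, 0.40, 0.10, 0.65],
    [0.90, 0.85, 0.70, 0.60, 0.70],
]

def normalize(matrix):
    """Scale each column so its entries sum to 1 (the p_ij values)."""
    sums = [sum(col) for col in zip(*matrix)]
    if any(s <= 0 for s in sums):
        raise ValueError("each layer needs at least one positive value")
    return [[x / s for x, s in zip(row, sums)] for row in matrix]

def entropies(matrix):
    """Shannon entropy of each column, scaled into [0, 1] by 1/ln(m)."""
    m = len(matrix)
    if m < 2:
        raise ValueError("need at least two rows to compare")
    k = 1.0 / math.log(m)
    # Terms with p == 0 contribute nothing (limit of p*ln p is 0).
    return [-k * sum(p * math.log(p) for p in col if p > 0)
            for col in zip(*normalize(matrix))]

def entropy_weights(matrix):
    """Weight per column: divergence (1 - entropy) normalized to sum to 1."""
    d = [max(0.0, 1.0 - e) for e in entropies(matrix)]
    total = sum(d)
    if total < 1e-12:  # every column uniform: no layer is more informative
        return [1.0 / len(d)] * len(d)
    return [x / total for x in d]

if __name__ == "__main__":
    for layer, w in zip(LAYERS, entropy_weights(PROTECTION)):
        print(f"{layer:<12} weight={w:.3f}")
```

In this method a layer whose effectiveness is identical across all entities has entropy 1 and weight 0, so the weights concentrate on the layers where the entities actually differ.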