ECONOMICS, BUSINESS
and MANAGEMENT

With the accelerate development of information, enterprises are becoming increasingly dependent on information systems, therefore, ensuring information security becomes the core work of enterprises information management. The tradition risk factors are classified into three aspects of asset, vulnerability and threat. This paper adds the security prevention measures as the fourth aspect. After analyzing the four aspects based on the fuzzy set theory, then constructs the membership matrix of factors corresponding to the judge set. The weights of the risk factors are calculated with the entropy theory to reduce the subjectivity bias, integrating the comprehensive risk results to output the risk rating. An example application proves that the method is a feasible and effective method of assessment, the results will have a certain theoretical significance and practical value.

Information Security, Risk Assessment, Entropy-Weight, Fuzzy Set