Nowadays the security risk management play a crucial role, which is applied to the entire life cycle of information systems and communication technologies but still so many models for security risk management are non-practical, therefore, it should be measured and improved. In this paper, a novel approach, in which Analytic Hierarchy Process (AHP) and Quantum Particles Swarm Optimization (QPSO) can be combined with some changes, is presented. The method consists of; firstly, the analytic hierarchy structure of the risk management is constructed and the method of QPSO comprehensive judgment is improved according to the actual condition of the information security. Secondly, the risk degree put forward is QPSO estimation of the risk probability, the risk impact severity and risk uncontrollability. Finally, it gives examples to prove that this method Multi Objectives Programming Methodology (MOPM) can be well applied to security risk management and provides reasonable data for constituting the risk control strategy of the information systems security. Based on the risk management results, the targeted safety measures are taken, and the risk is transferred and reduced, which is controlled within an acceptable range.

1. Wang Yingmei, Wang Shengkai and Cheng Xiangyun, Security Risk Management of Information System, Publishing House of Electronic Industry, Beijing, 2007.
2. ISO/IEC15408, Common Criteria for IT Security Evaluation. Version 2. 1. The International Organization for Standardization, 1999.
3. Common Criteria for Information Technology Security Evaluation, v3. 0, June 2005.
4. M. Kendall, Rank correlation methods. 3rd ed. ; 1962. NY.
5. Y. Deng, W. K. Shi, F. Du, A new similarity measure of generalized fuzzy numbers and its application to pattern recognition, Pattern Recognition Letters, vol. 24, no. 8, pp. 875-883, 2004.
6. F. Du, W. K. Shi and Y. Deng, "New similarity measure of generalized fuzzy numbers," Journal of Shanghai Jiaotong University, vol. 39, no. 8, pp. 614-617, 2005.
7. Lu Simei, Zhang Jianlin, Security Risk Management Model Based on AHP/D-S Evidence Theory, International Forum on Information Technology and Applications, 2009.
8. Marc J. Schniederjans a, Tim Garvin, Using the Analytic Hierarchy Process and multi-objective programming for the selection of cost drivers in activity-based costing.
9. Dong-Mei Zhao, Jing-Hong Wang, Using Fuzzy Logic And Entropy Theory To Risk Management Of The Information Security, Proceedings of the Fourth International Conference on Machine Learning and Cybernetics, Guangzhou, 2005.
10. Omkarprasad S Vaidya, Sushil Kumar, Analytic hierarchy process: An overview of applications, European Journal of Operational Research 169 (2006)

Risk Management Information Security Qpso Analytic Hierarchy Process Multi-objectives Model.