Security Evaluation Model based on the Score of Security Mechanisms
نویسنده
چکیده
Information security plays a key role in protection of organization’s assets. There exist a number of standards and guidelines providing huge lists of security controls that, if properly used, might be useful against cyber threats. However, these standards leave the process of controls selection to the organizations. Security manager has to carry out a decision on implementation of security controls. Deciding which controls should be encompassed and which bypassed could be tough and indeterminate, since different sources usually prefer another solutions. This work presents motivation for using metrics as an instrument for a risk analysis. The main goal of this work is to define proper security evaluation model for an organization, based on the score of security mechanisms. We present a mathematical model of evaluation, which minimizes subjectivity in this process and it should lead to more automatized risk analysis and make the results of the analysis more comparable. Our work is based on the ISO/IEC 27002 standard on which is built our evaluation model.
منابع مشابه
Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملFormal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
متن کاملA combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملEvaluation of the Criteria in the First Generation of CPTED Approach on Security of Public Space at Dehkade Farahzad of Tehran Based on ANP Model
متن کامل
Modeling of Electronic Health Management for Islamic Republic of Iran Social Security Organization
Background: Social Security Organization with more than 40 million insured people, supplies therapeutic services to nearly fifty percent of the country’s population. This volume of service needs a good update and on line planning, organizing, coordination, staffing, and budgeting. Electronic health is improving day to day and is a good tool in helping the Social Security Organization in conduct...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014