Information System security evaluation research usually focuses on the evaluation of how well information systems are secured in relation to a security policy statement or security plan. Most studies concentrate on standards of security measurement such as the “orange book”, or the European standard (ITSEC). Little research however, concentrates on the manner in which security plans (or policie...

In this paper, a generic architecture for intrusion alert management, analysis and security decision support is described. The architecture is composed of four components: (1)Alert Aggregator, (2)Alert Evaluation and Security Decision Support Component, (3)Alert Correlator and (4)Synthetic Alert Report Generator. The core of this architecture is the Alert Evaluation and Security Decision Suppor...

We propose a new evaluation method for ‘generalized confidential modulation (GCM)’ for quantum communication. Confidential modulation realizes a secret communication by using secret information for modulation and noise in a channel. Y-00 is one of the famous methods of GCM for quantum communication. The existing evaluation methods for GCM are based on stream ciphers. They can estimate its analy...

CRC cards are unconventional method for identifying and describing classes, behavior and its responsibilities and collaborators of class. Representation of three categories of class, responsibilities and collaborators can give proper image of scenario. These cards are effective method for analyzing scenarios. With all positive features of CRC cards, of weaknesses of these cards are failure to s...

Information security plays a key role in protection of organization’s assets. There exist a number of standards and guidelines providing huge lists of security controls that, if properly used, might be useful against cyber threats. However, these standards leave the process of controls selection to the organizations. Security manager has to carry out a decision on implementation of security con...