A Proposal for information security risk evaluation framework
Publish place: 5th Symposium on Advances in Science and Technology
Publish Year: 1390
نوع سند: مقاله کنفرانسی
زبان: English
View: 1,658
This Paper With 11 Page And PDF Format Ready To Download
- Certificate
- من نویسنده این مقاله هستم
استخراج به نرم افزارهای پژوهشی:
شناسه ملی سند علمی:
SASTECH05_150
تاریخ نمایه سازی: 22 مرداد 1391
Abstract:
Organizations are always facing different threats related to their informational possessions; however, they are extremely dependent to these possessions. Most informational systems are not basically safe and technical solutions are only a small part of the community solutions of comprehensive informational security, so Informational gathering is a necessary task and all organizations should recognize and know the threatening areas which potentially threaten them to do so.These threatening areas are determined via systematic analysis and security risks evaluation. And by recognizing the risks areas, suitable controls will be chosen in order to reduce the identified risks effects.So far, different methods and standards have been introduced to assess security, but none of them presents a systematic framework and method for assessing security and security risk optimum reduction.In this article a framework is presented to evaluate shortcomings, holes and security risks along with an algorithm for optimum choice of risks reduction controls.In the proposed framework standards and methods such as ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation, ISO/IEC 17799, ISO/IEC 27002 security standards, Microsoft threatening model process and Use Case Function Point are used
Keywords:
ISO/IEC 15408 standard , ISO/IEC 17799 standard , ISO/IEC 27002 standard , Microsoft threatening model , Use Case Function Point
Authors
Esmat Ali Mohammad Malayeri
Islamic Azad- NorthTehran Branch, Tehran Iran
مراجع و منابع این Paper:
لیست زیر مراجع و منابع استفاده شده در این Paper را نمایش می دهد. این مراجع به صورت کاملا ماشینی و بر اساس هوش مصنوعی استخراج شده اند و لذا ممکن است دارای اشکالاتی باشند که به مرور زمان دقت استخراج این محتوا افزایش می یابد. مراجعی که مقالات مربوط به آنها در سیویلیکا نمایه شده و پیدا شده اند، به خود Paper لینک شده اند :