A Proposed Preventive Information Security System

2007 International Conference on Electrical Engineering Pub Date : 2007-04-11 DOI:10.1109/ICEE.2007.4287288

M. Anwar, M. Zafar, Zafar Ahmed

{"title":"A Proposed Preventive Information Security System","authors":"M. Anwar, M. Zafar, Zafar Ahmed","doi":"10.1109/ICEE.2007.4287288","DOIUrl":null,"url":null,"abstract":"Managing computer and network security programs has become an increasingly difficult and challenging job. Dramatic advances in computing and communications technology during the past few years have redirected the focus of data processing from the computing center to the terminals in individual offices and homes. The result is that managers must now monitor security on a more widely dispersed level. These changes are continuing to accelerate, making the security manager's job increasingly difficult. In this paper a better solution for Information Security management has been proposed by designing PrISM (Preventive Information Security Management). PrISM aims to develop and deploy an indigenous Information Security Management System (ISMS) with intrusion prevention capabilities. The objective is to develop an ISMS with appropriate security assurance controls and risk handling processes. This will provide best protection of critical assets against information warfare attacks. The task has been planned by performing reverse engineering of Open Source Security Information Management (OSSIM) system. A detailed discussion on OSSIM and commercially available software Event Horizon has also been presented.","PeriodicalId":291800,"journal":{"name":"2007 International Conference on Electrical Engineering","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 International Conference on Electrical Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICEE.2007.4287288","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

Abstract

Managing computer and network security programs has become an increasingly difficult and challenging job. Dramatic advances in computing and communications technology during the past few years have redirected the focus of data processing from the computing center to the terminals in individual offices and homes. The result is that managers must now monitor security on a more widely dispersed level. These changes are continuing to accelerate, making the security manager's job increasingly difficult. In this paper a better solution for Information Security management has been proposed by designing PrISM (Preventive Information Security Management). PrISM aims to develop and deploy an indigenous Information Security Management System (ISMS) with intrusion prevention capabilities. The objective is to develop an ISMS with appropriate security assurance controls and risk handling processes. This will provide best protection of critical assets against information warfare attacks. The task has been planned by performing reverse engineering of Open Source Security Information Management (OSSIM) system. A detailed discussion on OSSIM and commercially available software Event Horizon has also been presented.

查看原文本刊更多论文

建议的预防性信息安全系统

管理计算机和网络安全程序已经成为一项越来越困难和具有挑战性的工作。在过去几年中，计算和通信技术的巨大进步已经将数据处理的重点从计算中心转移到个人办公室和家庭的终端。其结果是，管理人员现在必须在更广泛分散的层面上监控安全。这些变化还在继续加速，使得安全经理的工作越来越困难。本文通过设计PrISM (Preventive Information Security management)，提出了一种更好的信息安全管理方案。PrISM旨在开发和部署具有入侵防御能力的本土信息安全管理系统(ISMS)。目标是开发具有适当的安全保证控制和风险处理流程的ISMS。这将为关键资产提供抵御信息战攻击的最佳保护。该任务是通过对OSSIM (Open Source Security Information Management)系统进行逆向工程来规划的。还详细讨论了OSSIM和商用软件Event Horizon。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2007 International Conference on Electrical Engineering

自引率

0.00%

发文量