Developing information security metrics and measures for risk assessment of an organization

Abstract

Abstract The absence of public safety normalization bodies can antagonistically affect the reception of worldwide security guidelines and best practices. This research is done for the benefit of people, process and technology for any organization. This paper presents a novel pragmatic network protection evaluation structure that is custom-made to the ISO 2700x standard necessities for the improvement of Information Security Management System (ISMS). This model can be utilized for both self-appraisal and examining/scoring instruments by public network protection specialists. Utilizing this model, associations can consider their current data security the broad frameworks in contrast to nearby and global guidelines by using worked in pre-review instruments. All things considered, the model will assist associations with assessing and improving their status for developing dangers and dangers. In this system, an original numerical model was likewise planned and carried out for the scoring/rating instrument, specifically, the public digital protection list (aeNCI). The aeNCI utilizes various boundaries to decide the development of existing network safety programs at public associations and produce a classification and correlation reports. The outcomes empowered the partner to confirm the security configuration of their frameworks and recognize possible attacks/hazard vectors.