S. W. Sihwi, Ferry Andriyanto, Rini Anggrainingsih
2016 IEEE International Conference on Knowledge Engineering and Applications (ICKEA), published 2016-09-01. DOI: 10.1109/ICKEA.2016.7802992 (https://doi.org/10.1109/ICKEA.2016.7802992)
An expert system for risk assessment of information system security based on ISO 27002
Information system security is an important element to which every company should pay more attention, due to the attacks against the security of the data that may not be inevitable. Probably every company knows how to protect its data, even though this paper proposes something new which is more efficient. One way to determine the security status of a company is to carry out a risk assessment. This study proposes an expert system that determines the position, or level, of a company's security system by performing a risk assessment. The risk assessment standard is based on ISO 27002. The forward chaining method is used to determine the rules and scoring in this expert system. The study concludes that integrating risk assessment with an expert system helps determine a company's security level and whether the company needs to audit its information systems security.