Information security metric integrating enterprise objectives
Authors: B. Karabey, N. Baykal
Venue: 43rd Annual 2009 International Carnahan Conference on Security Technology
Published: 2009-11-13
DOI: 10.1109/CCST.2009.5335549 (https://doi.org/10.1109/CCST.2009.5335549)
Citation count (Semantic Scholar): 3
Security is one of the key concerns in the domain of information technology systems. Maintaining the confidentiality, integrity and availability of such systems mandates a rigorous prior analysis of the security risks that confront them. In order to analyze, mitigate and recover from these risks, a metrics-based approach is essential for prioritizing the response strategies against them. In addition, the enterprise objectives must be centrally integrated into the definition, impact-calculation and prioritization phases of this analysis to come up with metrics that are useful both for the technical and the managerial communities within an organization. Also, including enterprise objectives in the identification of information assets will act as a preliminary filter to overcome the real-life scalability issues inherent in such threat modeling efforts. Within this study, an attack-tree-based approach will be utilized to offer an information security risk metric that integrates the enterprise objectives with the information asset vulnerabilities within an organization. In the essential step of enterprise resource identification, the resource-based view of the company will be utilized.