根据BS 7799使用OCTAVE方法设计安全策略

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.69

J. Paulina, P. Marek

{"title":"根据BS 7799使用OCTAVE方法设计安全策略","authors":"J. Paulina, P. Marek","doi":"10.1109/ARES.2007.69","DOIUrl":null,"url":null,"abstract":"In the article, authors conduct a discussion concerning a methodology that improves the decision making process for the issues of information protection and management within a company. Authors describe the OCTAVE methodology (the operationally critical threat, asset, and vulnerability evaluation), including examples and refer to many legal regulations. Usage of OCTAVE in the process of creating a security policy is being subject to analysis. The article aims at presenting a methodology, which is successfully used in Western-European countries and proving that it can be adapted for implementations in other countries, fitting well into the policies of various institutions. The authors wish to bring closer the guidelines for creating a security policy and deploying security measures within institutions","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology\",\"authors\":\"J. Paulina, P. Marek\",\"doi\":\"10.1109/ARES.2007.69\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the article, authors conduct a discussion concerning a methodology that improves the decision making process for the issues of information protection and management within a company. Authors describe the OCTAVE methodology (the operationally critical threat, asset, and vulnerability evaluation), including examples and refer to many legal regulations. Usage of OCTAVE in the process of creating a security policy is being subject to analysis. The article aims at presenting a methodology, which is successfully used in Western-European countries and proving that it can be adapted for implementations in other countries, fitting well into the policies of various institutions. The authors wish to bring closer the guidelines for creating a security policy and deploying security measures within institutions\",\"PeriodicalId\":383015,\"journal\":{\"name\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2007.69\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.69","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

在本文中，作者对一种改进公司内部信息保护和管理问题决策过程的方法进行了讨论。作者描述了OCTAVE方法(可操作的关键威胁、资产和脆弱性评估)，包括示例并参考了许多法律法规。在创建安全策略的过程中使用OCTAVE正在进行分析。本文的目的是提出一种在西欧国家成功使用的方法，并证明它可以适用于其他国家的实施，很好地适应各种机构的政策。作者希望为在机构内创建安全策略和部署安全措施提供更接近的指导方针

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology

In the article, authors conduct a discussion concerning a methodology that improves the decision making process for the issues of information protection and management within a company. Authors describe the OCTAVE methodology (the operationally critical threat, asset, and vulnerability evaluation), including examples and refer to many legal regulations. Usage of OCTAVE in the process of creating a security policy is being subject to analysis. The article aims at presenting a methodology, which is successfully used in Western-European countries and proving that it can be adapted for implementations in other countries, fitting well into the policies of various institutions. The authors wish to bring closer the guidelines for creating a security policy and deploying security measures within institutions

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量