{"title":"远程IT安全评估方案:一种前瞻性的风险管理方法","authors":"Suleyman Kondakci","doi":"10.1109/IWIA.2006.1","DOIUrl":null,"url":null,"abstract":"We present a new model to conduct security evaluation of remote assets with dedicated profiles. An alternative approach to risk management in information assurance (IA) and a related protocol for remote evaluation of information assets is presented here. Application of this protocol ensures long-term risk management, hence efficient proactive lifecycle protection of critical information systems. Due to its generic and interoperable structure based on the modern Web technologies, the protocol can be applied to risk assessment and evaluation of a multitude type of systems. The protocol consists of a secure communication architecture associated with each asset a security profile, and software services and agents that communicate over the Internet and other open networks. The secure communication architecture uses a secure exchange protocol incorporating the fast elliptic curve cryptography. Interoperable, continuous, inexpensive, time- and location-neutral, and minimum resource usage are some of its advantages. With this new notion, we also aim at inspiring developers and researchers to develop value-added security evaluation tools, techniques and procedures","PeriodicalId":156960,"journal":{"name":"Fourth IEEE International Workshop on Information Assurance (IWIA'06)","volume":"199 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"A remote IT security evaluation scheme: a proactive approach to risk management\",\"authors\":\"Suleyman Kondakci\",\"doi\":\"10.1109/IWIA.2006.1\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a new model to conduct security evaluation of remote assets with dedicated profiles. An alternative approach to risk management in information assurance (IA) and a related protocol for remote evaluation of information assets is presented here. Application of this protocol ensures long-term risk management, hence efficient proactive lifecycle protection of critical information systems. Due to its generic and interoperable structure based on the modern Web technologies, the protocol can be applied to risk assessment and evaluation of a multitude type of systems. The protocol consists of a secure communication architecture associated with each asset a security profile, and software services and agents that communicate over the Internet and other open networks. The secure communication architecture uses a secure exchange protocol incorporating the fast elliptic curve cryptography. Interoperable, continuous, inexpensive, time- and location-neutral, and minimum resource usage are some of its advantages. With this new notion, we also aim at inspiring developers and researchers to develop value-added security evaluation tools, techniques and procedures\",\"PeriodicalId\":156960,\"journal\":{\"name\":\"Fourth IEEE International Workshop on Information Assurance (IWIA'06)\",\"volume\":\"199 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-04-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Fourth IEEE International Workshop on Information Assurance (IWIA'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IWIA.2006.1\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Fourth IEEE International Workshop on Information Assurance (IWIA'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWIA.2006.1","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A remote IT security evaluation scheme: a proactive approach to risk management
We present a new model to conduct security evaluation of remote assets with dedicated profiles. An alternative approach to risk management in information assurance (IA) and a related protocol for remote evaluation of information assets is presented here. Application of this protocol ensures long-term risk management, hence efficient proactive lifecycle protection of critical information systems. Due to its generic and interoperable structure based on the modern Web technologies, the protocol can be applied to risk assessment and evaluation of a multitude type of systems. The protocol consists of a secure communication architecture associated with each asset a security profile, and software services and agents that communicate over the Internet and other open networks. The secure communication architecture uses a secure exchange protocol incorporating the fast elliptic curve cryptography. Interoperable, continuous, inexpensive, time- and location-neutral, and minimum resource usage are some of its advantages. With this new notion, we also aim at inspiring developers and researchers to develop value-added security evaluation tools, techniques and procedures
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
