为即时信息安全审计提供了新的方面

2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS) Pub Date : 2016-10-01 DOI:10.1109/ITMQIS.2016.7751920

I. Livshitz, Kseniya A. Nikiforova, P. Lontsikh, S. N. Karasev

{"title":"为即时信息安全审计提供了新的方面","authors":"I. Livshitz, Kseniya A. Nikiforova, P. Lontsikh, S. N. Karasev","doi":"10.1109/ITMQIS.2016.7751920","DOIUrl":null,"url":null,"abstract":"This publication discusses the problem concerning the concept of the instantaneous information security (IT-Security) audits directed, including providing protection against “zero-day” threats. It is noted that effective “zero-day” counteraction based on implementation a set of preventive IT-Security controls, but not limited new technical facilities installation only. A key feature of this concept of instantaneous IT-Security audits is to assess how the left limit of the protection level in the process of IT-Security audits performing. Methodological basis of the concept of instantaneous IT-Security audits are ISO 27001 and 19011 standards series, supplemented by many (expandable) IT-Security metrics to quantify the object protection level. The obtained results can find application in create of models and methods of IT-Security audits performing and continuous improvement of an object protection under the influence of IT-Security violation threats.","PeriodicalId":330739,"journal":{"name":"2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"The new aspects for the instantaneous information security audit\",\"authors\":\"I. Livshitz, Kseniya A. Nikiforova, P. Lontsikh, S. N. Karasev\",\"doi\":\"10.1109/ITMQIS.2016.7751920\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This publication discusses the problem concerning the concept of the instantaneous information security (IT-Security) audits directed, including providing protection against “zero-day” threats. It is noted that effective “zero-day” counteraction based on implementation a set of preventive IT-Security controls, but not limited new technical facilities installation only. A key feature of this concept of instantaneous IT-Security audits is to assess how the left limit of the protection level in the process of IT-Security audits performing. Methodological basis of the concept of instantaneous IT-Security audits are ISO 27001 and 19011 standards series, supplemented by many (expandable) IT-Security metrics to quantify the object protection level. The obtained results can find application in create of models and methods of IT-Security audits performing and continuous improvement of an object protection under the influence of IT-Security violation threats.\",\"PeriodicalId\":330739,\"journal\":{\"name\":\"2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ITMQIS.2016.7751920\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITMQIS.2016.7751920","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

本出版物讨论了有关直接的即时信息安全(IT-Security)审计概念的问题，包括提供针对“零日”威胁的保护。值得注意的是，有效的“零日”应对措施是基于实施一套预防性的It安全控制措施，而不仅仅局限于安装新的技术设施。这种即时IT-Security审计概念的一个关键特征是评估IT-Security审计执行过程中保护级别的极限。即时IT-Security审计概念的方法基础是ISO 27001和19011系列标准，并辅以许多(可扩展的)IT-Security度量来量化对象保护级别。所得结果可用于创建it安全审计的模型和方法，在it安全违规威胁的影响下执行和持续改进对象保护。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

The new aspects for the instantaneous information security audit

This publication discusses the problem concerning the concept of the instantaneous information security (IT-Security) audits directed, including providing protection against “zero-day” threats. It is noted that effective “zero-day” counteraction based on implementation a set of preventive IT-Security controls, but not limited new technical facilities installation only. A key feature of this concept of instantaneous IT-Security audits is to assess how the left limit of the protection level in the process of IT-Security audits performing. Methodological basis of the concept of instantaneous IT-Security audits are ISO 27001 and 19011 standards series, supplemented by many (expandable) IT-Security metrics to quantify the object protection level. The obtained results can find application in create of models and methods of IT-Security audits performing and continuous improvement of an object protection under the influence of IT-Security violation threats.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)

自引率

0.00%

发文量