{"title":"对信息系统安全正式风险分析和评估的修改","authors":"Imed El Fray, Artur Wiliński","doi":"10.12913/22998624/185162","DOIUrl":null,"url":null,"abstract":"In the article, a modification of formal model of risk analysis (FoMRA) was proposed. The modified FoMRA1 method takes into account the guidelines of ISO/IEC 27001 and ISO/IEC 27005 standards. The applied modifica - tion and abstraction by resources and security controls (also called countermeasures) significantly shortened the time of risk weight calculation in comparison with the MEHARI method. An attempt was also made to further reduce the time of risk analysis using agents collecting information and data from various network nodes, from operating systems and devices, and additional agents containing information on reports on security procedures, security services, security management and organizational activities related to the information systems (mainte - nance, insurance, outsourcing contracts, etc.) and transfer it to the local FoMRA1 database. The obtained results indicate that the proposed method together with agents installed in various nodes enable a quick reaction to the system threats and prevention of their impacts (quasi-real-time security monitoring system).","PeriodicalId":517116,"journal":{"name":"Advances in Science and Technology Research Journal","volume":"2 3","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Modifications of the Formal Risk Analysis and Assessment for the Information System Security\",\"authors\":\"Imed El Fray, Artur Wiliński\",\"doi\":\"10.12913/22998624/185162\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the article, a modification of formal model of risk analysis (FoMRA) was proposed. The modified FoMRA1 method takes into account the guidelines of ISO/IEC 27001 and ISO/IEC 27005 standards. The applied modifica - tion and abstraction by resources and security controls (also called countermeasures) significantly shortened the time of risk weight calculation in comparison with the MEHARI method. An attempt was also made to further reduce the time of risk analysis using agents collecting information and data from various network nodes, from operating systems and devices, and additional agents containing information on reports on security procedures, security services, security management and organizational activities related to the information systems (mainte - nance, insurance, outsourcing contracts, etc.) and transfer it to the local FoMRA1 database. The obtained results indicate that the proposed method together with agents installed in various nodes enable a quick reaction to the system threats and prevention of their impacts (quasi-real-time security monitoring system).\",\"PeriodicalId\":517116,\"journal\":{\"name\":\"Advances in Science and Technology Research Journal\",\"volume\":\"2 3\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Advances in Science and Technology Research Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.12913/22998624/185162\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Advances in Science and Technology Research Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12913/22998624/185162","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Modifications of the Formal Risk Analysis and Assessment for the Information System Security
In the article, a modification of formal model of risk analysis (FoMRA) was proposed. The modified FoMRA1 method takes into account the guidelines of ISO/IEC 27001 and ISO/IEC 27005 standards. The applied modifica - tion and abstraction by resources and security controls (also called countermeasures) significantly shortened the time of risk weight calculation in comparison with the MEHARI method. An attempt was also made to further reduce the time of risk analysis using agents collecting information and data from various network nodes, from operating systems and devices, and additional agents containing information on reports on security procedures, security services, security management and organizational activities related to the information systems (mainte - nance, insurance, outsourcing contracts, etc.) and transfer it to the local FoMRA1 database. The obtained results indicate that the proposed method together with agents installed in various nodes enable a quick reaction to the system threats and prevention of their impacts (quasi-real-time security monitoring system).
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
