Evaluating Security Risks following a Compliance Perspective
One of the great challenges in the information security area is the development of methods for measuring the degree of risk to which information is exposed, a consequence of the wide range of vulnerabilities and potential attacks. The compliance perspective on risk evaluation methodologies can be characterized as the effort to bring an information system into closer alignment with a given security standard, for example ISO 27002. This paper proposes a security assessment procedure for quantifying the current compliance level of Information Systems (IS) according to a control-based standard. It aims at identifying the controls that should be fully or partially implemented to achieve the maximum return on a given investment (ROI). Basically, to assess compliance, we have investigated different analytical models associated with a set of security attributes and compounds. Lastly, we make use of hypothetical scenarios to evaluate the behaviour of the proposed models through a comparative analysis under selected requirements.
Reinaldo de B. Correia, Luci Pirmez, Luiz F. Rust C. Carmo
Nucleo de Computacao Eletronica, Universidade Federal do Rio de Janeiro, P.O. Box 2324, 20001-970 Rio d; INMETRO, Av. Nossa Senhora das Gracas, 50, CEP: 25250-020 Xerem, Duque de Caxias - RJ, Brazil
International conference
11th IEEE High Assurance Systems Engineering Symposium (HASE 2008)
Nanjing
English
27-36
2008-12-03 (date the record first went online on the Wanfang platform; not the paper's publication date)