A Data-driven Assessment Model for Information Systems Security Risk Management
نویسندگان
چکیده
In this paper, a data-driven assessment model for information systems security risk management is proposed based on the knowledge from observed cases and domain experts. In the model, genetic algorithm is applied to search the rules of security risk identification based on historical data. For identifying the causal relationships of risk factors and predict the occurrence probability of security risk, a Bayesian network (BN) is developed. Structure learning and parameter learning are utilized to integrate the database of observed cases with domain expert experience in the development of the BN. The significance of the work is that the model provides more objective and visible support for security risk assessment in the information systems.
منابع مشابه
بهبود رتبه بندی مخاطرات امنیت اطلاعات با استفاده از مدل های تصمیم گیری چند شاخصه
One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is conside...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملارائه الگویی برای ارزیابی ریسک آتشسوزیهای عمدی
Background & Objectives : It is not possible to live without using fire. However, fire could destruct human properties in a short time. One of the most important types of fire is intentional fire. This type of fire has become a great problem for insurance companies, fire departments, industries, government and business in the recent years. This study aimed to provide a framework for risk assess...
متن کاملRisk Management in the context of Information Security: a Model-Driven approach
Information security is concerned with the requirements of availability, integrity, and confidentiality of information’s assets, which are fundamental to the long-term survival of an organization. Information security relies in risk management for security risks identification, evaluation and treatment, according to the ISO 31000. The methodologies supporting information security implementation...
متن کاملSecurity, confidentiality, and privacy of information in the field of health with data EPR embedding in medical MRI images based on HVS model
the development of new technology and modern equipment has led to the development of telemedicine systems. As a result, there are dangers such as publishing patient information and intentionally or unintentionally, medical information. The forensic organization, as one of the powerful arms of the judiciary, pursues important cases in the medical and psychiatric commissions to take steps to rea...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- JCP
دوره 7 شماره
صفحات -
تاریخ انتشار 2012