Risk Management in the context of Information Security: a Model-Driven approach

نویسندگان

  • ANACLETO CORREIA
  • ANTÓNIO GONÇALVES
  • M. FILOMENA TEODORO
چکیده

Information security is concerned with the requirements of availability, integrity, and confidentiality of information’s assets, which are fundamental to the long-term survival of an organization. Information security relies in risk management for security risks identification, evaluation and treatment, according to the ISO 31000. The methodologies supporting information security implementation, such the ones based on the ISO 27000 set of standards, are holistic approaches that deals with corporate systems, as well as an extended network that includes business partners, vendors, customers and other stakeholders. This paper uses the model-driven approach for addressing information security systems conception and design, deemed to be compliant with the ISO/IEC 27000 and the ISO 31000 set of standards. A domain level model (computation independent model) based on the information security and risk management vocabulary present in the standards was built. This CIM model serves as a meta-model for platform independent models of information security systems compliant with the information security and risk management standards. This model is the baseline for conceiving, implementing and testing actual information security systems, allowing users from different organizational, functional, and technical levels to use a common language when embedding information security and risk management in their processes. Key-Words: information security, risk management, model-driven architecture, MDA. WSEAS TRANSACTIONS on INFORMATION SCIENCE and APPLICATIONS Anacleto Correia, António Gonçalves, M. Filomena Teodoro E-ISSN: 2224-3402 10 Volume 14, 2017

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Identifying and Ranking Technology-Telecommunications Context of Information Security anagement System in E-Government Using Fuzzy AHP Approach

In recent years, many security threats have entered into the organizations’ information and changed the  organizational performance resulting in their exorbitant costs. This question is of particular importanceabout government agencies that use information and Internet systems. This issue enabled the top managers of organizations to implement a security system and minimize these costs. Using In...

متن کامل

CAMAC: a context-aware mandatory access control model

Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...

متن کامل

بهبود رتبه بندی مخاطرات امنیت اطلاعات با استفاده از مدل های تصمیم گیری چند شاخصه

One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is conside...

متن کامل

Identifying Information Security Risk Components in Military Hospitals in Iran

Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...

متن کامل

Critical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)

The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2017