Security Evaluation Model based on the Score of Security Mechansisms
نویسندگان
چکیده
Information security plays a key role in protection of organization’s assets. There exist a number of standards and guidelines providing huge lists of security controls that, if properly used, might be useful against cyber threats. However, these standards leave the process of controls selection to the organizations. Security manager has to carry out a decision on implementation of security controls. Deciding which controls should be encompassed and which bypassed could be tough and indeterminate, since different sources usually prefer another solutions. This work presents motivation for using metrics as an instrument for a risk analysis. The main goal of this work is to define proper security evaluation model for an organization, based on the score of security mechanisms. We present a mathematical model of evaluation, which minimizes subjectivity in this process and it should lead to more automatized risk analysis and make the results of the analysis more comparable. Our work is based on the ISO/IEC 27002 standard on which is built our evaluation model.
منابع مشابه
Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملFormal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
متن کاملEvaluation of the Criteria in the First Generation of CPTED Approach on Security of Public Space at Dehkade Farahzad of Tehran Based on ANP Model
متن کامل
Modeling of Electronic Health Management for Islamic Republic of Iran Social Security Organization
Background: Social Security Organization with more than 40 million insured people, supplies therapeutic services to nearly fifty percent of the country’s population. This volume of service needs a good update and on line planning, organizing, coordination, staffing, and budgeting. Electronic health is improving day to day and is a good tool in helping the Social Security Organization in conduct...
متن کاملSecurity, confidentiality, and privacy of information in the field of health with data EPR embedding in medical MRI images based on HVS model
the development of new technology and modern equipment has led to the development of telemedicine systems. As a result, there are dangers such as publishing patient information and intentionally or unintentionally, medical information. The forensic organization, as one of the powerful arms of the judiciary, pursues important cases in the medical and psychiatric commissions to take steps to rea...
متن کامل