Construction and Evaluation of Bayesian Index on Information Security Risk
Authors: | Chih-Kai Chu, Chien-Lung Chan |
---|---|
Year of publication: | 2009 |
Subject: | Risk analysis (engineering); Certified Information Security Manager; Information security management; Computer science; Enterprise information security architecture; Information security; Computer security; Asset (computer security); Security information and event management; Information security management system; Threat |
Source: | 2009 2nd International Conference on Computer Science and its Applications. |
DOI: | 10.1109/csa.2009.5404245 |
Description: | The goal of this study lies in the construction and evaluation of a Bayesian index for measuring an enterprise’s information security risk. By integrating information security experts’ judgment, we constructed a quantitative model for the assessment of an enterprise’s information security risk. The risk assessment of an enterprise’s information security enables enterprises to realize their information security risk and to make better decisions to improve it. Through the Delphi method and in-depth interviews with domain experts, the risk factors of information security were grouped into 5 categories with 29 risk items in total. The first five key indicators are as follows: 1. Top management support; 2. The impediment and the detection of worm virus and spyware’s attack; 3. The protective measure and technique against the known hacker's attack; 4. System access privilege control password, gold key management; and 5. The information security equipment/software meets the requirement. Finally, the model was cross-validated with the enterprise implementing ISO/IEC 27001. |
Database: | OpenAIRE |