Security Assessment Process of IT-components for Cloud Infrastructure

Authors: Ilya I. Livshitz, Pawel A. Lontsikh, Valentina V. Kozhukhova, Egor P. Kunakov, Elena Y. Golovina
Year of publication: 2020
Subject:
Source: 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS).
DOI: 10.1109/itqmis51053.2020.9322976
Description: Attention to the security of IT-components has increased significantly, including the assessment of multiple types of objects using cloud infrastructure. The article discusses the opinions of Russian and foreign experts on a wide range of IT-security issues, covering both stand-alone IT-components and holistic cloud services. The article proposes a practical approach based on the “Hybrid” methodology using formal assessment procedures based on two cardinalities of criteria: the assessment of management systems compliance degree (based on ISO/IEC 27001 series) and the assessment of functional safety requirements (based on IEC 61508 series and ISO/IEC 15408 series). The proposed method makes it possible to obtain traceability results for the IT-security risk assessment of cloud IT-components within the given constraints. Sufficient and correctly implemented countermeasures minimize the risk (residual risk) for significant assets. These results can be applied to the processes of an independent assessment, including critical infrastructure, with the required accuracy of calculation.
Database: OpenAIRE