DocumentCode :
1835165
Title :
Evaluating Security Risks following a Compliance Perspective
Author :
Correiae, R. ; Pirmez, Luci ; Carmo, Luiz F Rust C
Author_Institution :
Nucleo de Comput. Eletron., Univ. Fed. do Rio de Janeiro, Rio de Janeiro
fYear :
2008
fDate :
3-5 Dec. 2008
Firstpage :
27
Lastpage :
36
Abstract :
One of the great challenges in the information security area concerns the development of methods for measuring the degree of risk to which information is subject, as a consequence of the wide range of vulnerabilities and potential attacks. The compliance perspective for risk evaluation methodologies can be characterized as the effort to make an information system more aligned with a given security standard, for example ISO 27002. This paper proposes a security assessment procedure for quantifying the current compliance level of information systems (IS) according to a control-based standard. It aims at identifying the that should be fully or partially implemented to achieve the maximum return of a given investment (ROI). Basically, to assess compliance, we have investigated different analytical models associated with a set of security attributes and compounds. Lastly, we make use of hypothetical scenarios to evaluate the behaviour of the proposed models through a comparative analysis under selected requirements.
Keywords :
information systems; risk management; security of data; information security area; risk evaluation methodologies; security assessment procedure; security risks; Analytical models; Control systems; Data security; ISO standards; Information security; Information systems; Investments; Quality management; Risk analysis; Systems engineering and theory;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
High Assurance Systems Engineering Symposium, 2008. HASE 2008. 11th IEEE
Conference_Location :
Nanjing
ISSN :
1530-2059
Print_ISBN :
978-0-7695-3482-4
Type :
conf
DOI :
10.1109/HASE.2008.55
Filename :
4708861