DocumentCode
1835165
Title
Evaluating Security Risks following a Compliance Perspective
Author
Correiae, R. ; Pirmez, Luci ; Carmo, Luiz F Rust C
Author_Institution
Nucleo de Comput. Eletron., Univ. Fed. do Rio de Janeiro, Rio de Janeiro
fYear
2008
fDate
3-5 Dec. 2008
Firstpage
27
Lastpage
36
Abstract
One of the great challenges of the information security area concerns the development of methods for measuring the degree of risk to which information is subject, a consequence of the wide range of vulnerabilities and potential attacks. The compliance perspective for risk evaluation methodologies can be characterized as the search for making an information system more aligned with a given security standard, for example ISO 27002. This paper proposes a security assessment procedure for quantifying the current compliance level of information systems (IS) according to a control-based standard. It aims at identifying the controls that should be fully or partially implemented to achieve the maximum return on a given investment (ROI). Basically, to assess compliance, we have investigated different analytical models associated with a set of security attributes and compounds. Lastly, we make use of hypothetical scenarios to evaluate the behaviour of the proposed models through a comparative analysis under selected requirements.
Keywords
information systems; risk management; security of data; information security area; risk evaluation methodologies; security assessment procedure; security risks; Analytical models; Control systems; Data security; ISO standards; Information security; Information systems; Investments; Quality management; Risk analysis; Systems engineering and theory;
fLanguage
English
Publisher
ieee
Conference_Titel
High Assurance Systems Engineering Symposium, 2008. HASE 2008. 11th IEEE
Conference_Location
Nanjing
ISSN
1530-2059
Print_ISBN
978-0-7695-3482-4
Type
conf
DOI
10.1109/HASE.2008.55
Filename
4708861