• DocumentCode
    1835165
  • Title

    Evaluating Security Risks following a Compliance Perspective

  • Author

    Correiae, R. ; Pirmez, Luci ; Carmo, Luiz F Rust C

  • Author_Institution
    Nucleo de Comput. Eletron., Univ. Fed. do Rio de Janeiro, Rio de Janeiro
  • fYear
    2008
  • fDate
    3-5 Dec. 2008
  • Firstpage
    27
  • Lastpage
    36
  • Abstract
    One of the great challenges of the information security area concerns the development of methods for measuring the degree of risk to which information is subject, as a consequence of the wide range of vulnerabilities and potential attacks. The compliance perspective for risk evaluation methodologies can be characterized as the search for making an information system more aligned with a given security standard, for example ISO 27002. This paper proposes a security assessment procedure for quantifying the current compliance level of information systems (IS) according to a control-based standard. It aims at identifying the controls that should be fully or partially implemented to achieve the maximum return on a given investment (ROI). Basically, to assess compliance, we have investigated different analytical models associated with a set of security attributes and compounds. Lastly, we make use of hypothetical scenarios to evaluate the behaviour of the proposed models through a comparative analysis under selected requirements.
  • Keywords
    information systems; risk management; security of data; information security area; risk evaluation methodologies; security assessment procedure; security risks; Analytical models; Control systems; Data security; ISO standards; Information security; Information systems; Investments; Quality management; Risk analysis; Systems engineering and theory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    High Assurance Systems Engineering Symposium, 2008. HASE 2008. 11th IEEE
  • Conference_Location
    Nanjing
  • ISSN
    1530-2059
  • Print_ISBN
    978-0-7695-3482-4
  • Type

    conf

  • DOI
    10.1109/HASE.2008.55
  • Filename
    4708861