Title :
New approach in information system security evaluation
Author :
Breier, Jakub ; Hudec, Ladislav
Author_Institution :
Fac. of Inf. & Inf. Technol., Slovak Univ. of Technol., Bratislava, Slovakia
Abstract :
Information technology risk assessment approaches are based mainly on subjective and qualitative methods of measurement and evaluation. In this paper an approach based on the Analytic Hierarchy Process technique is proposed, using the level of security mechanism implementation as its input. By using predefined weights for these mechanisms, it yields an overall security score in five main security attributes - confidentiality, integrity, availability, authenticity and non-repudiability. The main purpose of this work is to bring objectivity into the risk assessment process and to provide an adequate evaluation of the implemented security controls. The ISO/IEC 27002:2005 standard is used as the basis for our work; this standard contains the database of control objectives to which the proposed security mechanisms are assigned.
Keywords :
IEC standards; ISO standards; analytic hierarchy process; information systems; risk management; security of data; ISO/IEC 27002:2005 standard; analytic hierarchy process technique; confidentiality; information system security evaluation; information technology risk assessment; qualitative method; security control; security mechanism; Asset management; Availability; Information security; Standards; Vectors;
Conference_Titel :
Satellite Telecommunications (ESTEL), 2012 IEEE First AESS European Conference on
Conference_Location :
Rome
Print_ISBN :
978-1-4673-4687-0
Electronic_ISBN :
978-1-4673-4686-3
DOI :
10.1109/ESTEL.2012.6400145