Title :
SecConfig: A Pre-Active Information Security Protection Technique
Author :
Chen, Ching-Jiang ; Li, Ming-Hwa
Author_Institution :
Dept. of Info. Manage., Nat. Yunlin Univ. of Sci. & Technol., Douliou
Abstract :
Recently, malicious programs and targeted attacks in social engineering have proved that lots of traditional outer protection schemes cannot prevent these threats. According to the principles of ISO27001 and BS7799 standards, an automatic information security protection system named "SecConfig" (security configuration) is proposed in this paper for the information security protection at the end host. There are totally 31 potential information security threats classified into three main categories: 1) the central control of the information security protection, 2) the fix of the information security at the operation system level and the application level, and 3) the asset management and information security live monitor platform. In this paper, there are 520 end hosts and 20 experimental rounds (one round per month) used to evaluate the proposed system. The results show that, excluding artificial and inartificial causes, more than 95% hosts can be protected safely and efficiently in the later rounds.
Keywords :
information management; security of data; SecConfig; asset management; preactive information security protection technique; Application software; Asset management; Centralized control; Computer networks; Computer security; Data security; Information management; Information security; Intrusion detection; Protection; information security; information security management system (ISMS); pre-active protection;
Conference_Titel :
Networked Computing and Advanced Information Management, 2008. NCM '08. Fourth International Conference on
Conference_Location :
Gyeongju
Print_ISBN :
978-0-7695-3322-3
DOI :
10.1109/NCM.2008.79
