Title :
A method for system auditing based on baseline assessment
Author :
Zhang, Jianwu ; Xu, Guoai ; Yang, Yixian ; Guo, Shize
Author_Institution :
Key Lab. of Network & Inf. Attack & Defense Technol. of MOE, Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
Common Criteria (CC) provides only the standard for evaluating information security product or system. CC based evaluation on system auditing is considered crucial for the overall evaluation and in trouble without an effective method; however, the information system is a large-scale complex system. It includes many uncertain factors, as software, hardware, people and so on. As a result, information systems security risk is related to many ambiguous factors, what are difficult to measure, with ambiguity. In this paper, a method for system auditing based on baseline assessment was presented, In our method, analytic hierarchy process is introduced, which could be used to evaluate the security situation of information system.
Keywords :
decision making; information systems; security of data; analytic hierarchy process; baseline assessment; common criteria; information security product; information system; large-scale complex system; system auditing; Hardware; IP networks; Protocols; Security; Syntactics; XML; analytical hierarchy process(AHP); baseline assessment; configration auditing;
Conference_Titel :
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Conference_Location :
Xi´an
Print_ISBN :
978-1-61284-485-5
DOI :
10.1109/ICCSN.2011.6014334
