Abstract:
We present a new model for conducting security evaluation of remote assets with dedicated profiles. An alternative approach to risk management in information assurance (IA) and a related protocol for remote evaluation of information assets are presented here. Applying this protocol supports long-term risk management and hence efficient, proactive lifecycle protection of critical information systems. Because of its generic and interoperable structure, based on modern Web technologies, the protocol can be applied to risk assessment and evaluation of many types of systems. The protocol consists of a secure communication architecture, a security profile associated with each asset, and software services and agents that communicate over the Internet and other open networks. The secure communication architecture uses a secure exchange protocol that incorporates fast elliptic curve cryptography. Interoperability, continuous operation, low cost, time and location neutrality, and minimal resource usage are some of its advantages. With this new notion, we also aim to inspire developers and researchers to develop value-added security evaluation tools, techniques and procedures.
Keywords:
cryptography; information systems; open systems; protocols; risk management; software agents; Internet; Web technologies; fast elliptic curve cryptography; information assets; information assurance; open networks; proactive approach; proactive lifecycle protection; remote IT security evaluation scheme; remote assets; secure communication architecture; secure exchange protocol; security profile; software services; value-added security evaluation tools; Communication system security; Computer architecture; Cryptographic protocols; IP networks; Information security; Intelligent agent; Management information systems; Protection; Web and internet services; Proactive IA; Verification and validation of security; remote assessment; risk analysis and security management; security evaluation; security protocol.