Framework for the Optimal Design of an Information System to Diagnostic the Enterprise Security Level and Management the Information Risk Based on ISO/IEC-27001

2020 ◽  
pp. 3-13
Author(s):  
Christopher A. Kanter-Ramirez ◽  
Josue A. Lopez-Leyva ◽  
Lucia Beltran-Rocha ◽  
Dominica Ferková
Keyword(s):  
Information System ◽  
Optimal Design ◽  
Security Level ◽  
Information Risk ◽  
Iec 27001 ◽  
Enterprise Security

IRISK METHOD FOR SECURITY ESTIMATION OF THE SIMULATION POLYGON FOR THE PROTECTION OF CRITICAL INFORMATION RESOURCES

2019 ◽  
Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata
Keyword(s):  
Risk Assessment ◽  
Information System ◽  
Information Security ◽  
Risk Analysis ◽  
Information Resources ◽  
Security System ◽  
Assessment System ◽  
Automated System ◽  
Information Risk ◽  
Critical Information

In this article, the research of information system protection by ana­ ly­ zing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techni­ ques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the deter­ mi­ nation of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simula­ tion ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerabili­ ty  — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vul­ nerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system. The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

Enhance Enterprise Security through Implementing ISO/IEC 27001 Standard

2021 ◽  
Author(s):  
Huaqun Guo ◽  
Meng Wei ◽  
Ping Huang ◽  
Eyasu Getahun Chekole
Keyword(s):  
Iec 27001 ◽  
Enterprise Security

scholarly journals A Security Situation Assessment Model of Information System for Smart Mobile Devices

2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Lixia Xie ◽  
Liping Yan ◽  
Xugao Zhang ◽  
Hongyu Yang
Keyword(s):  
Information System ◽  
Mobile Devices ◽  
Weight Vector ◽  
Assessment Model ◽  
Interval Matrix ◽  
Security Level ◽  
Entropy Weight ◽  
Situation Assessment ◽  
Smart Mobile ◽  
Smart Mobile Devices

The accuracy of the existing security situation assessment model of information system for smart mobile devices is affected by expert evaluation preferences. This paper proposes an information system security situation assessment model for smart mobile devices, which is based on the modified interval matrix-entropy weight-based cloud (MIMEC). According to the security situation assessment index system, the interval judgment matrix reflecting the relative importance of different indexes is modified to improve the objectivity of the index layer weight vector. Then, the entropy weight-based cloud is used to quantify the criterion layer and the target layer security situation index, and the security level of the system is graded. The evaluation experiment on the departure control system for smart mobile devices not only verify the validity of this model but also demonstrate that this model has higher stability and reliability than other models.

scholarly journals Analisis Keamanan Sistem Informasi Berbasis Website Dengan Metode Open Web Application Security Project (OWASP) Versi 4: Systematic Review

2020 ◽  
Vol 5 (2) ◽  
pp. 185
Author(s):  
Anggi Elanda ◽  
Robby Lintang Buana
Keyword(s):  
Systematic Review ◽  
Information System ◽  
Web Application ◽  
Web Server ◽  
Security Level ◽  
Web Application Security ◽  
Web Based ◽  
Non Profit ◽  
Application Security

Abstract -- OWASP (Open Web Application Security Project) version 4 issued by a non-profit organization called owasp.org which is dedicated to the security of web-based applications. This systematic review is intended to review whether the Open Web Application Security Project (OWASP) method is widely used to detect security in a website-based Information System. In this systematic review, we review 3 literature from several publisher sources and make a comparison regarding OWASP version 4 results and the security level of a web server from the publisher's source.Keywords— OWASP, Website Vulnerability, Website Security Detection

scholarly journals Security Assessment Methodology Based on the Semantic Model of Metrics and Data

2021 ◽  
pp. 29-40
Author(s):  
Elena Doynikova ◽  
◽  
Andrey Fedorchenko ◽  
Igor Kotenko ◽  
Evgenia Novikova ◽  
...  
Keyword(s):  
Information System ◽  
System Analysis ◽  
Semantic Analysis ◽  
Data Sources ◽  
Security Level ◽  
Security Assessment ◽  
Semantic Model ◽  
Security Metrics ◽  
Security Research ◽  
Proposed Model

The purpose of the article: development of semantic model of metrics and data and technique for security assessment based on of this model to get objective scores of information system security. Research method: theoretical and system analysis of open security data sources and security metrics, semantic analysis and classification of security data, development of the security assessment technique based on the semantic model and methods of logical inference, functional testing of the developed technique. The result obtained: an approach based on the semantic model of metrics and data is proposed. The model is an ontology generated considering relations among the data sources, information system objects and data about them, primary metrics of information system objects and integral metrics and goals of assessment. The technique for metrics calculation and assessment of unspecified information systems security level in real-time using the proposed model is developed. The case study demonstrating applicability of the developed technique and ontology to answer security assessment questions is provided. The area of use of the proposed approach are security assessment components of information security monitoring and management systems aimed at increasing their efficiency.

scholarly journals Evaluasi Tingkat Kesiapan Keamanan Informasi Pada Lembaga Pendidikan Menggunakan Indeks Kami 4.0

2019 ◽  
Vol 1 (2) ◽  
pp. 53-62
Author(s):  
Pramudhita Ferdiansyah ◽  
Subektiningsih Subektiningsih ◽  
Rini Indrayani
Keyword(s):  
Information System ◽  
Information Security ◽  
Electronic System ◽  
Third Parties ◽  
Security Evaluation ◽  
Security Systems ◽  
Collection Method ◽  
System Requirements ◽  
Security Index ◽  
Iec 27001

Evaluasi keamanan sistem informasi sangat diperlukan bagi sebuah organisasi, instansi, maupun perusahaan guna mencegah kebocoran data ataupun kerusakan sistem informasi. Penelitian ini dilakukan di sektor pendidikan pada lembaga UPTD XYZ di bawah kuasa Dinas Pendidikan Provinsi Daerah Istimewa Yogyakarta. Evaluasi kematangan dan tata kelola keamanan informasi diterapkan berdasarkan standar ISO/IEC 27001:2017 dengan menggunakan indeks keamanan informasi KAMI versi 4.0. Metode pengumpulan data dilakukan dengan cara observasi langsung dan interview terhadap penanggungjawab sistem informasi. Hasil yang didapatkan dari evaluasi untuk kebutuhan sistem elektronik sebesar 20, sedangkan tingkat kelengkapan informasi mendapatkan skor 245. Dari hasil tersebut dapat disimpulkan bahwa tingkat keamanan informasi masih sangat rendah dan diperlukan perbaikan sistem keamanan informasi dengan bekerja sama dengan pengembang keamanan informasi dari pihak ketiga. Information system security evaluation is indispensable for an organization, agency, or company to prevent data leakage or damage to information systems. This research was conducted in the education sector at the UPTD XYZ institution under the authority of the Yogyakarta Provincial Education Office. Information security maturity and governance evaluation is implemented based on ISO / IEC 27001: 2017 standard by using the WE information security index version 4.0. The data collection method is done by direct observation and interviews with the person in charge of the information system. The results obtained from the evaluation for electronic system requirements were 20, while the level of completeness of information got a score of 245. From these results it can be concluded that the level of information security is still very low and it is necessary to improve information security systems in collaboration with information security developers from third parties.

scholarly journals The security system for maintenance of the required information security level

2018 ◽  
Vol 210 ◽  
pp. 04005
Author(s):  
Maciej Kiedrowicz ◽  
Jerzy Stanik
Keyword(s):  
Information System ◽  
Quality Management ◽  
Information Security ◽  
Working Conditions ◽  
Information Resources ◽  
Security System ◽  
Security Level ◽  
Security Feature ◽  
Organizational Configurations ◽  
The Impact

The article outlines the concept of maintaining the required security level of the information system in the organization (SIO) through appropriate control of the security configurations of the security system. The security system (SS) model was proposed and its basic elements characterized to maintain the current security level of the information resources. The desired current security feature of the SIO shall be obtained by generating appropriate security technical and organizational configurations from the set of permissible solutions. The proposed concept, which takes into account the impact of not only basic security elements of the information resources (e.g. types of resources, security attributes, risks, vulnerability), but also changes in the working conditions of the information system and security system as well as the entire security and quality management environment of the organization, constitutes own proposal of the authors.

Sign in / Sign up

Export Citation Format

Share Document