The Information Security Program and How a Security Assessment Fits In

The article considers an issue of information security of the distance education systems. It analyzes the functions and architecture of the typical distance education system. With considering the requirements of information security it also discusses the university information system for solving the distance learning problems. The author defines valuable assets and information resources and describes the existing security threats. The subjects of interaction in the distance learning mode are presented. There is a consideration of the principal directions of the university’s activity in the distance learning system, requiring constant monitoring of information security. A threat model is worked out and the main security vulnerabilities are highlighted. The analysis of the causes and consequences of information security violation in the distance learning system is carried out and most vulnerable and critical nodes were identified. The hardware and software requirements for the remote mode work are regarded. A recommended list of hardware and software tools that ensure compliance with safety requirements is presented. The major lines of protection for distance learning systems are highlighted. The article proves the necessity of conducting a regular security assessment as a means for monitoring an effectiveness of the protection system.

Download Full-text

PENDETEKSIAN DINI TINGKAT KEMANAN INFORMASI BERBASIS ISO 27001 : 2013 MENGGUNAKAN METODE AHP (ANALYTICAL HIERARCHY PROCESS)

Cyber Security dan Forensik Digital ◽

10.14421/csecurity.2019.2.2.1480 ◽

2019 ◽

Vol 2 (2) ◽

pp. 57-64

Author(s):

Arini Arini

Keyword(s):

Decision Making ◽

Information Security ◽

Analytical Hierarchy Process ◽

British Standard Institution ◽

International Electrotechnical Commission ◽

Security Assessment ◽

Scoring Method ◽

Weighting Method ◽

Hierarchy Process ◽

Iso 27001

Information is one of the important assets for the survival of an organization / business, defense security and the integrity of the country, public trust between consumers, so that the availability, accuracy and integrity must be maintained, or commonly abbreviated as CIA (Confidentiality, Integrity & Availability). ISO 27001 is an information security standard published in October 2005 by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). However, until now there has been no tool for companies in Indonesia to do a pre-assessment of the level of information security. Plus the lack of socialization of the rules and the lack of ISO 270001 expert in Indonesia, these are reason why the authors conducted this research. The author begins research by collecting data, by studying literature and interviewing experts to identify problems. After that, in its implementation, this research will be directed (knowledge acquisition) and reviewed directly by an ISO 27001 expert from The British Standard Institution of the United Kingdom (BSI) so that the results are more accurate. After that, the writer determines the weighting method (decision making), scoring method, system development method, and simulation method (testing). The results of the study are in the form of pre-assessment to evaluate the information security assessment index, which will be displayed according to indicators pioneered from ISO 27001: 2013 using AHP (Analytical Hierarchy Process) decision-making methods, as well as web-based making it easier to review.

Download Full-text

Phát triển Framework ứng dụng AI hỗ trợ tự động khai thác lỗ hổng bảo mật

Journal of Science and Technology on Information security ◽

10.54654/isj.v1i13.234 ◽

2022 ◽

Vol 1 (13) ◽

pp. 80-92

Author(s):

Nguyễn Mạnh Thiên ◽

Phạm Đăng Khoa ◽

Nguyễn Đức Vượng ◽

Nguyễn Việt Hùng

Keyword(s):

Information System ◽

Reinforcement Learning ◽

Information Security ◽

Vulnerability Assessment ◽

Large Scale ◽

Learning Technology ◽

Security Assessment ◽

Security Vulnerability ◽

Different Levels

Tóm tắt—Hiện nay, nhiệm vụ đánh giá an toàn thông tin cho các hệ thống thông tin có ý nghĩa quan trọng trong đảm bảo an toàn thông tin. Đánh giá/khai thác lỗ hổng bảo mật cần được thực hiện thường xuyên và ở nhiều cấp độ khác nhau đối với các hệ thống thông tin. Tuy nhiên, nhiệm vụ này đang gặp nhiều khó khăn trong triển khai diện rộng do thiếu hụt đội ngũ chuyên gia kiểm thử chất lượng ở các cấp độ khác nhau. Trong khuôn khổ bài báo này, chúng tôi trình bày nghiên cứu phát triển Framework có khả năng tự động trinh sát thông tin và tự động lựa chọn các mã để tiến hành khai thác mục tiêu dựa trên công nghệ học tăng cường (Reinforcement Learning). Bên cạnh đó Framework còn có khả năng cập nhật nhanh các phương pháp khai thác lỗ hổng bảo mật mới, hỗ trợ tốt cho các cán bộ phụ trách hệ thống thông tin nhưng không phải là chuyên gia bảo mật có thể tự động đánh giá hệ thống của mình, nhằm giảm thiểu nguy cơ từ các cuộc tấn công mạng. Abstract—Currently, security assessment is one of the most important proplem in information security. Vulnerability assessment/exploitation should be performed regularly with different levels of complexity for each information system. However, this task is facing many difficulties in large-scale deployment due to the lack of experienced testing experts. In this paper, we proposed a Framework that can automatically gather information and automatically select suitable module to exploit the target based on reinforcement learning technology. Furthermore, our framework has intergrated many scanning tools, exploited tools that help pentesters doing their work. It also can be easily updated new vulnerabilities exploit techniques.

Download Full-text

Information Security Assessment On Court Tracking Information System: A Case Study from Mataram District Court

10.1109/uemcon53757.2021.9666617 ◽

2021 ◽

Author(s):

Aishananda S. Auliani ◽

Candiwan

Keyword(s):

Information System ◽

Information Security ◽

District Court ◽

Security Assessment ◽

System A

Download Full-text

Global Information Security Assessment Methodology (GISAM™)

Information Security ◽

10.1201/9781420013412-8 ◽

2016 ◽

pp. 55-86

Keyword(s):

Information Security ◽

Global Information ◽

Security Assessment ◽

Assessment Methodology

Download Full-text

Metric Based Security Assessment

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch094 ◽

2008 ◽

pp. 1396-1415

Author(s):

James E. Goldman ◽

Vaughn R. Christie

Keyword(s):

Information Security ◽

Assessment Tool ◽

Maturity Model ◽

Security Assessment ◽

Self Assessment ◽

Security Metrics ◽

Capability Maturity ◽

Security Models ◽

Organization's Information Security ◽

Systems Security Engineering

This chapter introduces the Metrics Based Security Assessment (MBSA) as a means of measuring an organization’s information security maturity. It argues that the historical (i.e., first through third generations) approaches used to assess/ensure system security are not effective and thereby combines the strengths of two industry proven information security models, the ISO 17799 Standard and the Systems Security Engineering Capability Maturity Model (SSE-CMM), to overcome their inherent weaknesses. Furthermore, the authors trust that the use of information security metrics will enable information security practitioners to measure their information security efforts in a more consistent, reliable, and timely manner. Such a solution will allow a more reliable qualitative measurement of the return achieved through given information security investments. Ultimately, the MBSA will allow professionals an additional, more robust self-assessment tool in answering management questions similar to: “How secure are we?”

Download Full-text