|
| << vorige | volgende >> |
Tijdschrift beschrijving
Alle jaargangen van het bijbehorende tijdschrift
Alle afleveringen van het bijbehorende jaargang
Alle artikelen van de bijbehorende aflevering
Details van artikel 4 van 20 gevonden artikelen
| Titel: |
A MULTI-CRITERIA EVALUATION OF INFORMATION SECURITY CONTROLS USING BOOLEAN FEATURES |
| Auteur: |
Angel R. Otero Carlos E. Otero Abrar Qureshi |
| Verschenen in: |
International journal of network security & its applications |
| Paginering: | Jaargang 2 (2010) nr. 4 pagina's 1-11 |
| Jaar: |
2010 |
| Inhoud: |
For organizations, the protection of information is of utmost importance. Throughout the years,organizations have experienced numerous system losses which have had a direct impact on their mostvaluable asset, information. Organizations must therefore find ways to make sure that the appropriateand most effective information security controls are implemented in order to protect their critical or mostsensitive classified information. Existing information security control selection methods have beenemployed in the past, including risk analysis and management, baseline manuals, or random approaches.However, these methods do not take into consideration organization specific constraints such as costs ofimplementation, scheduling, and availability of resources when determining the best set of controls. Inaddition, these existing methods may not ensure the inclusion of required/necessary controls or theexclusion of unnecessary controls. This paper proposes a novel approach for evaluating informationsecurity controls to help decision-makers select the most effective ones in resource-constrainedenvironments. The proposed approach uses Desirability Functions to quantify the desirability of eachinformation security control taking into account benefits and penalties (restrictions) associated withimplementing the control. This provides Management with a measurement that is representative of theoverall quality of each information security control based on organizational goals. Through a case study,the approach is proven successful in providing a way for measuring the quality of information securitycontrols (based on multiple application-specific criteria) for specific organizations. |
| Uitgever: |
Academy & Industry Research Collaboration Center (AIRCC) (provided by DOAJ) |
| Bronbestand: |
Elektronische Wetenschappelijke Tijdschriften |
Details van artikel 4 van 20 gevonden artikelen
| << vorige | volgende >> |