• DocumentCode
    2794074
  • Title

    New approach in information system security evaluation

  • Author

    Breier, Jakub ; Hudec, Ladislav

  • Author_Institution
    Fac. of Inf. & Inf. Technol., Slovak Univ. of Technol., Bratislava, Slovakia
  • fYear
    2012
  • fDate
    2-5 Oct. 2012
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Information technology risk assessment approaches are based on subjective and qualitative methods of measurement and evaluation mainly. In this paper an approach based on the Analytic Hierarchy Process technique is proposed, using level of security mechanisms implementation as an input. By using the predefined weights of these mechanisms it will give us overall security score in five main security attributes - confidentiality, integrity, availability, authenticity and non-repudiability. The main purpose of this work is to bring an objectivity into the process of the risk assessment and to provide an adequate evaluation of implemented security controls. As a basis for our work the ISO/IEC 27002:2005 standard is used. This standard contains the database of control objectives to which the proposed security mechanisms are assigned.
  • Keywords
    IEC standards; ISO standards; analytic hierarchy process; information systems; risk management; security of data; ISO/IEC 27002:2005 standard; analytic hierarchy process technique; confidentiality; information system security evaluation; information technology risk assessment; qualitative method; security control; security mechanism; Asset management; Availability; Information security; Standards; Vectors;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Satellite Telecommunications (ESTEL), 2012 IEEE First AESS European Conference on
  • Conference_Location
    Rome
  • Print_ISBN
    978-1-4673-4687-0
  • Electronic_ISBN
    978-1-4673-4686-3
  • Type

    conf

  • DOI
    10.1109/ESTEL.2012.6400145
  • Filename
    6400145