Path: Top -> Journal -> Jurnal Internasional -> Journal -> Computer
Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities
Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities
2011Journal from gdlhub / 2017-08-14 11:52:31
Oleh : Bugra Karabey, Nazife Baykal , IAJIT
Dibuat : 2012-06-22, dengan 1 file
Keyword : Enterprise information security, enterprise modelling, risk assessment, risk assessment method, resource based view, attack trees, risk management.
Subjek : Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities
Url : http://www.ccis2k.org/iajit/PDF/vol.10,no.3/11-4356.pdf
Sumber pengambilan dokumen : Internet
In order to perform the analysis and mitigation efforts related with the Information Security risks there exists
quantitative and qualitative approaches, but the most critical shortcoming of these methods is the fact that the outcome mainly
addresses the needs and priorities of the technical community rather than the management. For the enterprise management,
this information is essentially required as a decision making aid for the asset allocation and the prioritization of mitigation
efforts. So ideally the outcome of an information security risk method must be in synchronization with the enterprise objectives
to act as a useful decision tool for the management. Also in the modelling of the threat domain, attack trees are frequently
utilized. However the execution of attack tree modelling is costly from the effort and timing requirements and also has inherent
scalability issues. So within this article our design-science research based work on an information security risk assessment
method that addresses these two issues of enterprise objective inclusion and model scalability will be outlined.
In order to perform the analysis and mitigation efforts related with the Information Security risks there exists
quantitative and qualitative approaches, but the most critical shortcoming of these methods is the fact that the outcome mainly
addresses the needs and priorities of the technical community rather than the management. For the enterprise management,
this information is essentially required as a decision making aid for the asset allocation and the prioritization of mitigation
efforts. So ideally the outcome of an information security risk method must be in synchronization with the enterprise objectives
to act as a useful decision tool for the management. Also in the modelling of the threat domain, attack trees are frequently
utilized. However the execution of attack tree modelling is costly from the effort and timing requirements and also has inherent
scalability issues. So within this article our design-science research based work on an information security risk assessment
method that addresses these two issues of enterprise objective inclusion and model scalability will be outlined.
Beri Komentar ?#(0) | Bookmark
| Properti | Nilai Properti |
|---|---|
| ID Publisher | gdlhub |
| Organisasi | IAJIT |
| Nama Kontak | Herti Yani, S.Kom |
| Alamat | Jln. Jenderal Sudirman |
| Kota | Jambi |
| Daerah | Jambi |
| Negara | Indonesia |
| Telepon | 0741-35095 |
| Fax | 0741-35093 |
| E-mail Administrator | elibrarystikom@gmail.com |
| E-mail CKO | elibrarystikom@gmail.com |
Print ...
Kontributor...
- , Editor: fachruddin
Download...
Download hanya untuk member.
8
File : 8.0.PDF
(556026 bytes)