Nalazite se na CroRIS probnoj okolini. Ovdje evidentirani podaci neće biti pohranjeni u Informacijskom sustavu znanosti RH. Ako je ovo greška, CroRIS produkcijskoj okolini moguće je pristupi putem poveznice www.croris.hr
izvor podataka: crosbi

The information systems' security level assessment model based on an ontology and evidential reasoning approach (CROSBI ID 221257)

Prilog u časopisu | izvorni znanstveni rad | međunarodna recenzija

Šolić, Krešimir ; Očevčić, Hrvoje ; Golub, Marin The information systems' security level assessment model based on an ontology and evidential reasoning approach // Computers & security, 55 (2015), 100-112. doi: 10.1016/j.cose.2015.08.004

Podaci o odgovornosti

Šolić, Krešimir ; Očevčić, Hrvoje ; Golub, Marin

engleski

The information systems' security level assessment model based on an ontology and evidential reasoning approach

In the area of information technology an amount of security issues persists through time. Ongoing activities on security solutions aim to integrate existing security guidelines, best practices, security standards and existing solutions, but they often lack a knowledge base or do not involve all security issues, particularly human influence. In this paper, we presented a model that can be the basis for a novel information systems security evaluation solution. This solution should be able to cover a wide range of all possible information security issues. Our model is based on an OWL ontology for knowledge base, uses an enhanced Evidential Reasoning algorithm for mathematical calculations and possesses a simple reflex intelligent agent's algorithm as a decision supporting element. Properties for this model supervene from properties of its constructing elements. Knowledge base being built on OWL ontology is a major element of the model. It can provide high flexibility and applicability to different information systems and business organizations ; upgradeability to be up to date regarding current security issues and new threats ; and high versatility, taking into evaluation all possible aspects regarding security issues, e.g., network security, software and hardware issues, human influence, security policies and disaster recovery plans. Enhanced Evidential Reasoning algorithm is based on the Dumpster–Shafer theory and is well suited for calculations with expert's subjective judgements combining qualitative with quantitative evaluation grades. We designed an algorithm for back coupling based on a simple reflex intelligent agent for results presentation and decision support. In our work, we explained how to connect and use each of the model's constructive elements to obtain information security evaluation results. In addition, we conducted a case study with the proposed model on a small business organization. To test our model, we also used the standard qualitative risk assessment method on the same business organization in order to compare both qualitative results. Preliminary testing results have shown that the presented model could achieve its goal if it would be developed into an integrated software tool with a well-defined and up-to-date ontological knowledge base.

information security model ; information security ; risk assessment ; security control selection ; security management ; OWL ; ontology ; evidential reasoning

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

Podaci o izdanju

55

2015.

100-112

objavljeno

0167-4048

1872-6208

10.1016/j.cose.2015.08.004

Povezanost rada

Računarstvo

Poveznice
Indeksiranost