منوی کاربری
  • پشتیبانی: ۴۲۲۷۳۷۸۱ - ۰۴۱
  • سبد خرید

دانلود رایگان مقاله انگلیسی ارزیابی عملکرد مکانیسم توصیه های شناسایی ریسک امنیت اطلاعات - الزویر 2018

عنوان فارسی
ارزیابی عملکرد مکانیسم توصیه های شناسایی ریسک امنیت اطلاعات
عنوان انگلیسی
Performance evaluation of the recommendation mechanism of information security risk identification
صفحات مقاله فارسی
0
صفحات مقاله انگلیسی
21
سال انتشار
2018
نشریه
الزویر - Elsevier
فرمت مقاله انگلیسی
PDF
نوع مقاله
ISI
نوع نگارش
مقالات پژوهشی (تحقیقاتی)
رفرنس
دارد
پایگاه
اسکوپوس
کد محصول
E10212
رشته های مرتبط با این مقاله
مهندسی کامپیوتر
گرایش های مرتبط با این مقاله
امنیت اطلاعات
مجله
محاسبات عصبی - Neurocomputing
دانشگاه
Telecommunication Laboratories - Chunghwa Telecom Co. - Ltd - Taiwan - ROC
کلمات کلیدی
تهدید، آسیب پذیری، توصیه خطر، امنیت
doi یا شناسه دیجیتال
https://doi.org/10.1016/j.neucom.2017.05.106
۰.۰ (بدون امتیاز)
امتیاز دهید
چکیده

Abstract


In recent decades, information security has become crucial for protecting the benefits of a business operation. Many organizations perform information security risk management in order to analyze their weaknesses, and enforce the security of the business processes. However, identifying the threat-vulnerability pairs for each information asset during the processes of risk assessment is not easy and time-consuming for the risk assessor. Furthermore, if the identified risk diverges from the real situation, the organization may put emphasis on the unnecessary controls to prevent the non-existing risk. In order to resolve the problem mentioned above, we utilize the data mining approach to discover the relationship between assets and threat-vulnerability pairs. In this paper, we propose a risk recommendation mechanism for assisting user in identifying threats and vulnerabilities. In addition, we also implement a risk assessment system to collect the historical selection records and measure the elapsed time. The result shows that with the assistance of risk recommendations, the mean elapsed time is shorter than with the traditional method by more than 21 %. The experimental results show that the risk recommendation system can improve both the performance of efficiency and accuracy of risk identification.

نتیجه گیری

Conclusion and Future work


In this paper, we propose a recommendation mechanism to assist the risk assessor in selecting the most suitable threat-vulnerability pairs while performing risk identification. The recommendation list is created through the use of 300 Predictive Apriori with the historical selection data of the ISO/IEC 27001:2013 certified business unit. The results of a prior experiment performed by security experts confirmed that the recommendation list can help risk assessors in selecting the appropriate risk item. In addition, in order to evaluate the elapsed time of the risk identification, 305 we implemented a risk assessment system for helping risk assessors in the whole risk management cycle. Meanwhile, the system collects the historical selection records from risk assessors. More than a hundred of critical information systems were selected for performing the experiment. According to the experimental results, with the assistance of the recommendation list, risk assessors can 310 shorten the elapsed time of decision-making. Finally, this not only improves the efficiency, but also enhances the accuracy of selecting the appropriate threatvulnerability pair in the process of risk identification. In the future, we intend to expand the scope of the experiment, which will ensure that more data can be collected and analyzed . The more data we 315 collect, the more the model will be complete. In addition, the algorithm of the association rule adopted in this paper can be refined and extended so as to improve the performance and accuracy. Finally, much more research in general needs to be done to assist organizations in protecting their assets from harm within an acceptable price range.


بدون دیدگاه