A Security Assurance Model to Holistically Assess the Information Security Posture

Détails

ID Serval
serval:BIB_8F3E9B7B6F88
Type
Partie de livre
Sous-type
Chapitre: chapitre ou section
Collection
Publications
Institution
Titre
A Security Assurance Model to Holistically Assess the Information Security Posture
Titre du livre
Complex Intelligent Systems and their Applications
Auteur⸱e⸱s
Tashi I., Ghernaouti-Hélie S.
Editeur
New York, USA: Springer New York
ISBN
978-1-4419-1635-8
978-1-4419-1636-5
Statut éditorial
Publié
Date de publication
2010
Editeur⸱rice scientifique
Xhafa F., Barolli L., Papajorgji P. J.
Volume
41
Série
Springer Optimization and Its Applications
Numéro de chapitre
5
Pages
83-108
Langue
anglais
Résumé
Managing Information Security (InfoSec) within an organization is becoming a very complex task. Currently, InfoSec Assessment is performed by using frameworks, methodologies, or standards which consider separately the elements related to security. Unfortunately, this is not necessarily effective because it does not take into consideration the necessity of having a global and systemic, multidimensional approach to ICT Security evaluation. This is mainly because the overall security level is only as strong as the weakest link. This chapter proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat takes advantage of the weakest link. Then a formalized structure taking into account all security elements is presented. The proposed model is based on, and integrates, a number of security best practices and standards that permit the definition of a reliable InfoSec framework. At this point an assessment process should be undertaken, the result of which will be the assurance that InfoSec is adequately managed within the organization. The added value of this model is that it is simple to implement and responds to concrete needs in terms of reliance upon efficient and dynamic evaluation tools and through a coherent evaluation system.
Création de la notice
03/02/2011 16:32
Dernière modification de la notice
20/08/2019 14:52
Données d'usage