AN APPROACH FOR DESIGNING OF ENTERPRISE IT LANDSCAPES TO PERFORM QUANTITAVE INFORMATION SECURITY RISK ASSESSMENT

Anton Romanov, Eiji Okamoto

Abstract

Nowadays most of enterprises must consider information security aspects as of the highest concern. It is caused not only by growing hacker’s activity but also because of increasing legal requirements and compliance issues. One of required procedures to manage information security is regular performing of information security risk assessment. This article describes an approach for designing and managing of an enterprise IT landscapes which makes possible to perform quantitative information security risk assessment using already established methodologies which were previously inapplicable by some reasons. Moreover, application of the proposed framework allows transformation of any IT landscape to such state. Other relevant key features of the proposed approach are unification and reduction of maintenance cost.

References

  1. Arbaugh, W.A, Fithen, W.L., and McHugh, J., 2000. Windows of Vulnerability: A Case Study Analysis. In Computer, volume 33, issue 12, 52-59.
  2. Arora, A., Hall, D., Pinto, A., Ramsey, D., and Telang R., 2004. An ounce of prevention vs. a pound of cure: How can we measure the value of IT security solutions? In Lawrence Berkeley National Laboratory. Paper LBNL-54549. http://repositories.cdlib.org/lbnl/ LBNL-54549
  3. Bodeaum, D.J., 1992. A Conceptual Model for Computer Security Risk Analysis. In Proceedings of Eighth Annual Computer Security Applications Conference, San Antonio, TX, 56-63.
  4. Bundesamt fur Sicherheit in der Informationstechnik (BSI), 2004. Threat catalogue for IT Grundschutz Manual.
  5. Di Renzo, B., Hillairet, M., Picard, M., Rifaut, A., Bernard, C., Hagen, D., Maar, P., and Reinard, D., 2007. Operational risk management in financial institutions: Process assessment in concordance with Basel II. In Software Process: Improvement and Practice volume 12, issue 4, 321-330.
  6. Ekelhart, A., Fenz, S., Klemen, M., and Weippl, E., 2007. Security Ontologies: Improving Quantitative Risk Analysis. In Proceedings of the 40th Annual HICSS. IEEE Computer Society, Washington, DC, 156a.
  7. IT Governance Institute, 2006. Control Objectives for Information and Related Technology (COBIT).
  8. Munteanu, A., Ioan, A., 2006. Information Security Risk Assessment: The Qualitative Versus Quantitative Dilemma. In Proceedings of 6th IBIMA, Bonn, Germany, 227-232.
  9. Ozcelik, Y., Rees, J., 2005. A New Approach for Information Security Risk Assessment: Value at Risk, from http://ssrn.com/abstract=1104264
  10. Romanov, A., Okamoto, E., 2009. A Framework for Building and Managing Secured ERP Landscape. In Proceedings of the 2009 International Conference on Security and Management, Las Vegas, NV (being printed).
  11. Wawrzyniak, D., 2006. Information security risk assessment model risk management. LNCS 4086, Springer-Verlag Berlin Heidelberg, 21-30.
Download


Paper Citation


in Harvard Style

Romanov A. and Okamoto E. (2009). AN APPROACH FOR DESIGNING OF ENTERPRISE IT LANDSCAPES TO PERFORM QUANTITAVE INFORMATION SECURITY RISK ASSESSMENT . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 313-318. DOI: 10.5220/0002224803130318


in Bibtex Style

@conference{secrypt09,
author={Anton Romanov and Eiji Okamoto},
title={AN APPROACH FOR DESIGNING OF ENTERPRISE IT LANDSCAPES TO PERFORM QUANTITAVE INFORMATION SECURITY RISK ASSESSMENT},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={313-318},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002224803130318},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - AN APPROACH FOR DESIGNING OF ENTERPRISE IT LANDSCAPES TO PERFORM QUANTITAVE INFORMATION SECURITY RISK ASSESSMENT
SN - 978-989-674-005-4
AU - Romanov A.
AU - Okamoto E.
PY - 2009
SP - 313
EP - 318
DO - 10.5220/0002224803130318