Authors: Vivek Agrawal and Einar Arthur Snekkenes
Affiliation: Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik and Norway
Keyword(s): Ballot, Benchmarking, Electronic Voting, Response, Secure Benchmark.
Related Ontology Subjects/Areas/Topics: Applied Cryptography; Cryptographic Techniques and Key Management; Data and Application Security and Privacy; Data Engineering; Data Protection; Databases and Data Security; Information and Systems Security; Security and Privacy in Web Services; Security Deployment; Security in Information Systems; Security Protocols; Security Requirements
Abstract:
It is common practice in industry to organize benchmark processes to establish information security performance evaluation standards. A benchmarking system collects information security-related data from the organization to establish a standard. The information shared by the organization often contains sensitive data (details of vulnerabilities, cyber attacks). Present benchmarking systems do not provide a secure way of exchanging sensitive information between the submitter and the benchmark authority. Furthermore, there is no mechanism for submitters to verify that the final benchmark result contains the response they submitted. Hence, people are reluctant to actively participate in sharing their sensitive information in the benchmarking process. We propose a novel approach to solve the security limitations of present benchmarking systems by applying the concepts of electronic voting to benchmarking. Our solution provides secrecy for the submitters' identity and for the benchmark responses. Our approach also ensures that all the submitted responses have been correctly counted and considered in the final benchmark result.