A Knowledge Framework for Information Security Modeling
The data collection process for risk assessment depends heavily on the security experience of an organization's security staff. It is difficult to have the right information security staff, who understand both the security requirements and the current security state of an organization and at the same time possess the skill to perform risk assessment. However, a well-defined knowledge model could help to describe the categories of knowledge required to guide the data collection process. In this paper, a knowledge framework is introduced, which includes a knowledge model to define the data skeleton of the risk environment of an organization and security patterns about relationships between threats, entities and countermeasures; and a data integration mechanism for integrating distributed security-related data into a security data repository that is specific to an organization for information security modelling.
An open framework for risk management
Risk assessment methodologies are ready to enter their third generation. In this next generation, assessment will be based on a whole-system understanding of the system to be assessed. To realize this vision of risk management, the authors have begun development of an extensible software tool kit. This tool kit breaks with the traditional approach to assessment by having the analyst spend the majority of the assessment time building an explicit model that documents in a single framework the various facets of the system, such as the system's behavior, structure, and history. Given this explicit model of the system, a computer is able to automatically produce standard assessment products, such as fault trees and event trees. This brings with it a number of advantages relative to current risk management tools. Among these are a greater sense of completeness and correctness in assessment results and the ability to preserve and later employ lessons learned.