A Study on E-Taiwan Promotion Information Security Governance Programs with E-government Implementation of Information Security Management Standardization

Abstract The promotion of Information Security Governance (ISG) has become an important factor in the implementation of e-government and information security management within the "National Information and Communications Technology Security Development Program (2009˜2012)" in continuing the "Plan for Establishment of Information and Communication Technology Infrastructure Security Mechanism (2001˜2008)" in Taiwan; in July 2013, the working outline of the project was adjusted. And, it was asked all departments of Executive Yuan and local government to process aggressively by regulation on December 25, 2013. This study examines information security development program, and strategies for meeting e-government and information security management requirements within the implementation of information security development programs through information security management systems (ISMS). Moreover, an action program for improved ISMS performance, using an approach combining ISG and ISMS, is proposed. Based on this, this research employs history analysis and in-depth interview methodologies to develop insights into e-Taiwan information security management. Furthermore, the research objective is to examine the relevance between the execution of e-government and information security management framework and ISMS implementation by using the ISG project approach

Software Vulnerability Patch Management with Semi-Markov Decision Process

Abstract: Information security incidents frequency has been increasing dramatically, the aim of this study is to analyze the state-space reachability problems through the transition of vulnerable status after the informative system vulnerability exposure. In this research we took into consideration the time factor to analyze the arrival time to reachable states problem discussed in stochastic Petri nets. The mean arrival time and variance of the process between starting from an initial state and arriving at reachable states. We will therefore elaborate a novel model based on the semi-Markov stochastic Petri nets model for analyzing the period between the exposure of the vulnerability and the completion of its patch. We use the semi-Markov process to analyze the state-space reachability problems of the stochastic Petri nets, resulting in a novel model for software vulnerability patch management. Moreover, we include also the concept of discounted multi-objective semi-Markov decision process to obtain the total of the efficient extreme point set