
Control prioritization model for improving information security risk assessment

Title translation not available.

  1. Thesis No: 759810
  2. Author: NADHER MOHAMMED AHMED
  3. Advisors: Not specified.
  4. Thesis Type: Doctoral
  5. Subjects: Computer Engineering and Computer Science and Control, Science and Technology, Defense and Defense Technologies
  6. Keywords: Not specified.
  7. Year: 2014
  8. Language: English
  9. University: Universiti Utara Malaysia UUM
  10. Institute: Foreign institute
  11. Department: Not specified.
  12. Discipline: Not specified.
  13. Page Count: 184

Abstract

Evaluating particular assets for information security risk assessment should take into consideration the availability of adequate resources and return on investment (ROI). Despite the need for a good risk assessment framework, many of the existing frameworks lack granular guidelines and mostly depend on qualitative methods. Hence, they require additional time and cost to test all the information security controls. Further, the reliance on human inputs and feedback increases subjective judgment in organizations. The main goal of this research is to design an efficient Information Security Control Prioritization (ISCP) model for improving the risk assessment process. Case studies based on penetration tests and vulnerability assessments were performed to gather data. Then, the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) was used to prioritize the controls. A combination of sensitivity analysis and expert interviews was used to test and validate the model. Subsequently, the performance of the model was evaluated by risk assessment experts. The results demonstrate that the ISCP model improved the quality of information security control assessment in the organization. The model plays a significant role in prioritizing the critical technical security controls during the risk assessment process. Furthermore, the model's output supports ROI by identifying the appropriate controls to mitigate risks to an acceptable level in the organizations. The major contribution of this research is the development of a model which minimizes the uncertainty, cost and time of information security control assessment. Thus, the clear practical guidelines will help organizations prioritize important controls reliably and more efficiently. All these contributions will minimize resource utilization and maximize the organization's information security.
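As an added illustration (not the thesis's own code or data), the following Python script ranks four constructed candidate controls with TOPSIS and runs the kind of one-at-a-time weight sensitivity check the abstract describes; the control names, criteria, scores and weights are assumptions chosen for the example.

```python
"""TOPSIS ranking of security controls from assessment scores.
Added illustration for the abstract above; not the thesis's own code or data."""
import math

# Constructed sample: four candidate controls scored 1-10 from a hypothetical
# vulnerability assessment. Criteria: risk_reduction (benefit, higher is better),
# cost and effort (costs, lower is better). All values are illustrative only.
CONTROLS = ["patch_management", "waf", "mfa", "log_monitoring"]
CRITERIA = ["risk_reduction", "cost", "effort"]
BENEFIT = [True, False, False]          # True = maximise, False = minimise
MATRIX = [[9, 2, 3], [7, 6, 5], [8, 3, 2], [5, 4, 6]]
WEIGHTS = [0.5, 0.25, 0.25]             # assumed expert weights, sum to 1


def topsis(matrix, weights, benefit, names=CONTROLS):
    """Return {control: closeness coefficient}; 1.0 = ideal, 0.0 = anti-ideal."""
    n_crit = len(weights)
    # Vector-normalise each criterion column, then apply the weights.
    norms = [math.sqrt(sum(row[j] ** 2 for row in matrix)) for j in range(n_crit)]
    weighted = [[weights[j] * row[j] / norms[j] for j in range(n_crit)] for row in matrix]
    # Positive ideal = best value per criterion, negative ideal = worst value.
    best = [max(col) if benefit[j] else min(col) for j, col in enumerate(zip(*weighted))]
    worst = [min(col) if benefit[j] else max(col) for j, col in enumerate(zip(*weighted))]
    scores = {}
    for name, row in zip(names, weighted):
        d_best = math.dist(row, best)
        d_worst = math.dist(row, worst)
        scores[name] = d_worst / (d_best + d_worst)
    return scores


def rank(matrix=MATRIX, weights=WEIGHTS, benefit=BENEFIT):
    """Controls ordered from highest to lowest priority."""
    scores = topsis(matrix, weights, benefit)
    return sorted(scores, key=scores.get, reverse=True)


def top_is_stable(matrix=MATRIX, weights=WEIGHTS, benefit=BENEFIT, delta=0.1):
    """One-at-a-time sensitivity check: nudge each weight by +/-delta,
    renormalise, and report whether the top-ranked control ever changes."""
    baseline = rank(matrix, weights, benefit)[0]
    for j in range(len(weights)):
        for sign in (1, -1):
            w = list(weights)
            w[j] = max(0.0, w[j] + sign * delta)
            total = sum(w)
            w = [x / total for x in w]
            if rank(matrix, w, benefit)[0] != baseline:
                return False
    return True


if __name__ == "__main__":
    for name, cc in sorted(topsis(MATRIX, WEIGHTS, BENEFIT).items(), key=lambda kv: -kv[1]):
        print(f"{name:18s} closeness={cc:.3f}")
    print("top control stable under +/-0.1 weight shifts:", top_is_stable())
```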

Abstract (Malay version, translated)

Evaluating specific assets for information security risk assessment must take into account the availability of sufficient resources and return on investment (ROI). Although a good risk assessment framework is needed, most existing frameworks do not have detailed guidelines and mostly rely on qualitative methods. Therefore, they require additional time and cost to test all information security controls. Reliance on human input and feedback will increase subjective judgment in organizations. The main aim of this thesis is to design an effective Information Security Control Prioritization (ISCP) model to improve the risk assessment process. Case studies based on penetration testing and vulnerability assessment were carried out to collect data. Then, the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) was used to prioritize the data. A combination of sensitivity analysis and expert interviews was used to test and validate the model. Next, the performance of the model was evaluated by security experts. The results of this research show that the ISCP model improved the quality of information security control assessment in the organization. The model plays an important role in prioritizing critical technical security controls during the risk assessment process. In addition, the output of the model supports security investment by identifying suitable controls to reduce risk to an acceptable level in the organization. The main contribution of this study is the development of a model that reduces the uncertainty, cost and time of information security control assessment. Clear and practical guidelines will help organizations prioritize important controls more efficiently and reliably. All these contributions will minimize resource waste and maximize the organization's security.
Keywords: information security risk assessment, risk management, assessment process, security control prioritization

Similar Theses

  1. Machine learning model for mutation impact prediction based on network properties
     (Turkish title: Mutasyon etkisi tahmini için ağ özelliklerini içeren makine öğrenme modeli)
     BERK GÜRDAMAR; Master's; English; 2022
     Subject: Computer Engineering and Computer Science and Control; Acıbadem Mehmet Ali Aydınlar Üniversitesi, Department of Biostatistics and Bioinformatics
     Advisor: PROF. DR. OSMAN UĞUR SEZERMAN

  2. Decision support model for diagnosis, analysis and intervention of the failures in window systems
     (original Turkish title: Pencere sistemlerindeki bozulmaların teşhis, analiz ve müdahalesine yönelik karar destek modeli)
     EMİNE MERVE OKUMUŞ; Doctoral; Turkish; 2020
     Subject: Architecture; Mimar Sinan Güzel Sanatlar Üniversitesi, Department of Architecture
     Advisor: PROF. DR. ÖZLEM EREN

  3. Determination of model based test priorities by clustering approach
     (original Turkish title: Kümeleme yaklaşımı ile model tabanlı test önceliklerinin belirlenmesi)
     NİDA GÖKÇE; Doctoral; Turkish; 2012
     Subject: Computer Engineering and Computer Science and Control; Muğla Üniversitesi, Department of Mathematics
     Advisor: ASST. PROF. DR. BEKİR TANER DİNÇER

  4. An optimization model to control the flow of relief commodities in humanitarian supply chain under uncertainty
     (Turkish title: Belirsiz koşullarda insani yardım tedarik zinciri malzeme akışını kontrol etmede optimizasyon modeli)
     ISRAA ISMAIL; Doctoral; English; 2021
     Subject: Industry and Industrial Engineering; İstanbul Teknik Üniversitesi, Department of Industrial Engineering
     Advisor: ASSOC. PROF. DR. ESRA BAŞ

  5. Quality of service aware contention and deployment quality analysis in multimedia wireless sensor networks
     (Turkish title: Çoklu ortam kablosuz algılayıcı ağlarında servis kalitesi bilinçli çekişme ve yerleştirme kalitesi analizi)
     MEHMET YUNUS DÖNMEZ; Doctoral; English; 2011
     Subject: Computer Engineering and Computer Science and Control; Boğaziçi Üniversitesi, Department of Computer Engineering
     Advisor: PROF. DR. CEM ERSOY