Article title

Evaluation of influence of identified changes in the state of the information system on information security grade

Publication languages
EN
Abstracts
EN
Information security has become a significant problem for micro-enterprises and SMEs, especially at a time of worldwide crisis and increasingly tough competition. While large organizations and institutions have already implemented their own information security management systems, smaller companies have mostly claimed that in their case it is not a risk that requires further attention. As a result, even if information security was analyzed and evaluated in the form of an internal or external audit, very often no comprehensive plan of system monitoring was prepared. This was based on the assumption that the company's information system behaves as described in the model evaluated during the audit. Thus, monitoring was limited to chosen functional areas of the system, with limited analysis of the dependencies between various local countermeasures. The proposed evaluation of influence on the information security grade provides the necessary analysis of such dependencies to determine whether the security grade confirmed by the audit procedure still holds even though some elements do not comply with the model. In simple words, the proposed evaluation shows whether or not the system as a whole is comparably secure. Because the proposed evaluation includes analysis of individual preferences and requirements, it can be easily adjusted to any size and type of company.
Pages
229--242
Physical description
Bibliography: 23 entries
Contributors
author
  • PhD student, West Pomeranian University of Technology, Szczecin, Poland, Faculty of Computer Science and Information Technology, ul. Żołnierska 52, 70-210 Szczecin, Poland, tklasa@wi.zut.edu.pl
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-article-BPP2-0019-0066