SIEM-Based Framework for Security Controls Automation
www.emeraldinsight.com/journals.htm The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management. This research reviewed the controls recommended by well-known standards such as ISO/IEC 27001 and NIST…
Ontological Mapping of Information Security Best-Practice Guidelines
Due to a rapid growth in the use of electronic data processing and networking, an information security management system with a holistic and widespread view becomes more and more important for any kind of organization. The fundamental challenge for such systems is the representation…
An Ontology-Based Approach for Constructing Bayesian Networks
Bayesian networks are commonly used for determining the probability of events that are influenced by various variables. Bayesian probabilities encode degrees of belief about certain events, and a dynamic knowledge body is used to strengthen, update, or weaken these assumptions. The creation of Bayesian networks…
Increasing Knowledge Capturing Efficiency by Enterprise Portals
www.emeraldinsight.com/journals.htm Collaborative ontology editing tools enable distributed user groups to build and maintain ontologies. Enterprises that use these tools to simply capture knowledge for a given ontological structure face the following problems: isolated software solution requiring its own user management; the user interface often does…
Information Security Automation: How Far Can We Go?
ieeexplore.ieee.org/xpl/articleDetails.jsp Information security management is a very complex task which involves the implementation and monitoring of more than 130 security controls. To achieve greater efficiency in this process it is necessary to automate as many controls as possible. This paper provides an analysis of how…
A Community Knowledge Base for IT Security
dx.doi.org/10.1109/MITP.2011.35 Corporate IT security managers have a difficult time staying on top of the endless tide of new technologies and security threats sweeping into their organizations and information systems. The effectiveness of security controls must be balanced with a variety of operational issues, including the…
Information Security Risk Management: In which Security Solutions is it worth Investing?
As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk…
An Ontology- and Bayesian-Based Approach for Determining Threat Probabilities
Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy…
Ontology-Based Decision Support for Information Security Risk Management
As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major…
Verification, Validation, and Evaluation in Information Security Risk Management
Over the last four decades, various information security risk management (ISRM) approaches have emerged. However, there is a lack of sound verification, validation, and evaluation methods for these approaches. While restrictions, such as the impossibility of measuring exact values for probabilities and follow-up costs,…