首页    期刊浏览 2022年07月07日 星期四
登录注册

文章基本信息

  • 标题:A Conceptual Framework for Threat Assessment Based on Organization’s Information Security Policy
  • 本地全文:下载
  • 作者:Joseph Elias Mbowe 1 , Irina Zlotnikova 1 , Simon S. Msanjila 2 , George S. Oreku
  • 期刊名称:Journal of Information Security
  • 印刷版ISSN:2153-1234
  • 电子版ISSN:2153-1242
  • 出版年度:2014
  • 卷号:05
  • 期号:04
  • 页码:166-177
  • DOI:10.4236/jis.2014.54016
  • 语种:English
  • 出版社:Scientific Research Publishing
  • 摘要:The security breaches of sensitive information have remained difficult to solve due to increased malware programs and unauthorized access to data stored in critical assets. As risk appetite differ from one organization to another, it prompts the threat analysis tools be integrated with organization’s information security policy so as to ensure security controls at local settings. However, it has been noted that the current tools for threat assessment processes have not encompassed information security policy for effective security management (i.e. confidentiality, integrity and availability) based on organization’s risk appetite and culture. The information security policy serves as a tool to provide guidance on how to manage and secure all business operations including critical assets, infrastructure and people in the organization. This guidance (e.g. usage and controls) facilitates the provisions for threat assessment and compliance based on local context. The lack of effective threat assessment frameworks at local context have promoted the exposure of critical assets such as database servers, mails servers, web servers and user smart-devices at the hand of attackers and thus increase risks and probability to compromise the assets. In this paper we have proposed a conceptual framework for security threat assessment based on organization’s information security policy. Furthermore, the study proposed the policy automation canvas for provision of a methodology to alert the security managers what possible threats found in their organizations for quick security mitigation without depending on security expertise.
  • 关键词:Critical Asset; Information Security; Information Security Policy; Threat Analysis; Threat Assessment; Security Threat Visualization
国家哲学社会科学文献中心版权所有