Abstract-Universities in the public and private sectors depend on information technology and information systems to successfully carry out their missions and business functions. Information systems are subject to serious threats that can have adverse effects on organizational operations and assets, and individuals by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processes, stored or transmitted by those systems. Threats to information systems can include purposeful attacks, environmental disruptions, and human/machine errors, and can result in harm to the integrity of data. Therefore, it is imperative that all the actors at all levels in a university information system understand their responsibilities and are held accountable for managing information security riskthat is the risk associated with the operation and use of information systems that support the missions and business functions of their university.The purpose of this paper is to propose an information security toolkit namely URMIS (University Risk Management Information System) based on multi agent systems and integrating with existing information security frameworks and standards, to enhance the security of universities information systems.
Abstract-The increasing demand of the protection of an enterprise information system has become one of the major priority and commitment of the executive committee and the board of directors. Risk management aligned with IT resources consists of a strong result which is called Information Security Governance (ISG) or the 4th wave. This article will present a multi-agent system which automates the ISG process on the behalf of the top management. The originality consists on using multi-agents systems including the 4th wave which has never been done before in other scientific works. It would result on the assessment of a new model merging the development of ISG, compliance and risk management in one framework which demonstrates the pivotal role of handling security risks in a company. In this context, we must address security with highly precautions; we should not only focus on the technical problems of security but also to their decisional part which involves the board and top management. Following the PDCA approach, we will demonstrate how our model can use international standards and methods to support organization's information systems.Index Terms-4th wave, information security governance, multi-agents systems, plan do check act.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.