ISO 27005 und BSI IT-Grundschutz

Klipper, Sebastian

doi:10.1007/978-3-8348-9870-8_4

Cited by 1 publication

(4 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are several ways to elicit the risk. There are several sources of Information security that enlist the current and past risks that can effect on information security [34]. Furthermore, the Information Security Risk Assessment team also elicit real time risks from the Information System.…”

Section: Risk Elicitationmentioning

confidence: 99%

“…It is the task in which significance of each risk is evaluated, each risk mitigation process is prioritized in the light of its severity and cost [34].…”

Section: Risk Prioritizationmentioning

confidence: 99%

“…Various threats have high mitigation cost and very low severity level as compared to cost of the damage they do. The system, thereafter, accordingly set their mitigation priority as very low and often don't mitigate them due to their high cost [33,34].…”

Section: Threat and Vulnerability Cost Estimationmentioning

confidence: 99%

“…This task is a tricky and very critical one as it assess the effectiveness of the already proposed controls for the mitigation of risk. If the control already applied on the same type of risk, then its previous effectiveness would be considered before its selection, otherwise agent would be activated to identify alternative controls for concerned risk [34].…”

Section: Control Efficiency Assessmentmentioning

confidence: 99%

See 3 more Smart Citations

Agent Based Information Security Framework for Hybrid Cloud Computing

2019

KSII TIIS

View full text Add to dashboard Cite

In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB® fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

show abstract

Section: Risk Elicitationmentioning

confidence: 99%

“…It is the task in which significance of each risk is evaluated, each risk mitigation process is prioritized in the light of its severity and cost [34].…”

Section: Risk Prioritizationmentioning

confidence: 99%

Section: Threat and Vulnerability Cost Estimationmentioning

confidence: 99%

Section: Control Efficiency Assessmentmentioning

confidence: 99%

See 2 more Smart Citations