Spelling suggestions: "subject:"enterprise forminformation 2security"" "subject:"enterprise forminformation bsecurity""
1 |
Assessment of Enterprise Information Security : - How to make it Credible and EfficientJohansson, Erik January 2005 (has links)
<p>Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level.</p><p>This composite thesis consists of four articles which presents the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making because of the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient.</p><p>The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general.</p><p>The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvements efforts are essential.</p><p>It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels.</p><p>The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security related evidence. Being resource sparse it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making.</p><p>The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden.</p><p>The success from this research should encourage further researcher in using these analysis techniques to guide decisions on other enterprise architecture attributes.</p>
|
2 |
Assessment of Enterprise Information Security : How to make it Credible and EfficientJohansson, Erik January 2005 (has links)
Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level. This composite thesis consists of four articles which presents the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making because of the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient. The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general. The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvements efforts are essential. It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels. The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security related evidence. Being resource sparse it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making. The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden. The success from this research should encourage further researcher in using these analysis techniques to guide decisions on other enterprise architecture attributes. / QC 20101028
|
3 |
A Policy-Based Management Framework for Cloud Computing SecurityRunsewe, Olubisi Atinuke January 2014 (has links)
Cloud Computing has changed how computing is done as applications and services are being consumed from the cloud. It has attracted a lot of attention in recent times due to the opportunities it offers. While Cloud Computing is economical, the security challenges it poses are quite significant and this has affected the adoption rate of the technology. With the potential vulnerabilities being introduced by moving data to the cloud, it has become imperative for cloud service providers to guarantee the security of information, leaving cloud service consumers (e.g., enterprises) with the task of negotiating the terms and conditions of services provided by the cloud service providers as well as trusting them with their data. Although various security solutions used for addressing the security of data within the enterprises are now being applied to the cloud, these security solutions are challenged due to the dynamic, distributed and complex nature of the cloud technology.
This thesis proposes a novel Policy-Based Management (PBM) framework capable of achieving cross-tenant authorization, handling dynamic and anonymous users while reducing the security management task to address cloud security. The framework includes an access control model adapted to the cloud environment that adopts features from role-based, task-based and attribute-based access control frameworks for a fine-grained access control. We demonstrate how this framework can be applied to develop an access control system for an enterprise using cloud services. The framework verifies the correctness of access control policies for cloud security through reasoning technique.
|
4 |
Analysis of information security risks and protection management requirements for enterprise networksSaleh, Mohamed Saad Morsy January 2011 (has links)
With widespread of harmful attacks against enterprises' electronic services, information security readiness of these enterprises is becoming of increasing importance for establishing the required safe environment for such services. Various approaches are proposed to manage enterprise information security risks and to assess its information security readiness. These approaches are, however, not adequate to manage information security risks, as all required information security components of its structural and procedural dimensions have not considered. In addition, current assessment approaches lack numerical indicators in assessing enterprise information security readiness. Furthermore, there is no standard approach for analysing cost versus benefit in selecting recommended protection measures. This thesis aims at contributing to the knowledge by developing comprehensive Enterprise Information Security Risk Management (EISRM) framework that integrates typical approaches for information security risk management, and incorporates main components of key risk management methodologies. In addition, for supporting phases of the proposed EISRM framework, analytical models for enterprise information security readiness assessment and cost-benefit analysis are developed. The practical evaluation, using the proposed enterprise information security readiness assessment model has been performed depending on a developed investigation form that used to investigate nine enterprises inside Saudi Arabia. The results demonstrate the effectiveness of the model in assessing and comparing enterprises information security readiness at all levels of the model, using numerical indicators and graphical representations. The EISRM framework and the analytical models presented in this research can be used by enterprises as single point of reference for assessing and cost effectively improving their information security readiness.
|
5 |
Analysis of Information Security Risks and Protection Management Requirements for Enterprise Networks.Saleh, Mohamed S.M. January 2011 (has links)
With widespread of harmful attacks against enterprises¿ electronic services, information security readiness of these enterprises is becoming of increasing importance for establishing the required safe environment for such services. Various approaches are proposed to manage enterprise information security risks and to assess its information security readiness. These approaches are, however, not adequate to manage information security risks, as all required information security components of its structural and procedural dimensions have not considered. In addition, current assessment approaches lack numerical indicators in assessing enterprise information security readiness. Furthermore, there is no standard approach for analysing cost versus benefit in selecting recommended protection measures.
This thesis aims at contributing to the knowledge by developing comprehensive Enterprise Information Security Risk Management (EISRM) framework that integrates typical approaches for information security risk management, and incorporates main components of key risk management methodologies. In addition, for supporting phases of the proposed EISRM framework, analytical models for enterprise information security readiness assessment and cost-benefit analysis are developed.
The practical evaluation, using the proposed enterprise information security readiness assessment model has been performed depending on a developed investigation form that used to investigate nine enterprises inside Saudi Arabia. The results demonstrate the effectiveness of the model in assessing and comparing enterprises information security readiness at all levels of the model, using numerical indicators and graphical representations. The EISRM framework and the analytical models presented in this research can be used by enterprises as single point of reference for assessing and cost effectively improving their information security readiness.
|
Page generated in 0.1364 seconds