A knowledge framework for information security modelling

Liu, Shuangyan; Cheung, Ching-hang and Kwok, Lam-for (2006). A knowledge framework for information security modelling. In: 4th Australian Information Security Management Conference, 05 Dec 2006, Perth, Australia, School of Computer and Information Science, Edith Cowan University, Perth, Western Australia.

URL: http://ro.ecu.edu.au/ism/81/


The data collection process for risk assessment depends heavily on the security experience of an organization's security staff. It is difficult to have the right information security staff, who understand both the security requirements and the current security state of an organization and at the same time possess the skill to perform risk assessment. However, a well-defined knowledge model could help to describe the categories of knowledge required to guide the data collection process. In this paper, a knowledge framework is introduced, which includes a knowledge model to define the data skeleton of the risk environment of an organization and security patterns about relationships between threats, entities and countermeasures; and a data integration mechanism for integrating distributed security-related data into a security data repository that is specific to an organization for information security modelling.
