From the Resource to the Business Process Risk Level
Although a variety of information security risk management (ISRM) approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can the risk level of a business process be determined by taking the risk levels of the involved…
Ontology-Based Generation of Bayesian Networks
[:en] Bayesian networks are indispensable for determining the probability of events which are influenced by various components. Bayesian probabilities encode degrees of belief about certain events and a dynamic knowledge body is used to strengthen, update, or weaken these assumptions. The creation of Bayesian networks…
AURUM: A Framework for Information Security Risk Management
ieeexplore.ieee.org/xpl/articleDetails.jsp As companies are increasingly exposed to a variety of information security threats, they are permanently forced to pay attention to security issues. Risk management provides an effective approach for measuring the security through risk assessment, risk mitigation and evaluation. Existing risk management approaches are…
Ontologiebasiertes IT Risikomanagement
Informationssicherheitsrisikomanagement (Information Security Risk Management, ISRM) stellt einen effizienten Zugang zur Bewertung, Verringerung und Evaluierung von Informationssicherheitsrisiken dar. Bereits bestehende ISRM-Ansätze sind weitgehend akzeptiert, setzen jedoch sehr detailliertes Informationssicherheitswissen und genaue Kenntnisse des tatsächlichen Unternehmensumfeldes voraus. Die inadäquate Umsetzung von ISRM gefährdet die planmäßige Umsetzung…
Interactive Selection of ISO 27001 Controls under Multiple Objectives
[:en]link.springer.com/chapter/10.1007%2F978-0-387-09699-5_31 IT security incidents pose a major threat to the efficient execution of corporate strategies. Although, information security standards provide a holistic approach to mitigate these threats and legal acts demand their implementation, companies often refrain from the implementation of information security standards, especially due…
Fortification of IT Security by Automatic Security Advisory Processing
The past years have seen the rapid increase of security related incidents in the field of information technology. IT infrastructures in the commercial as well as in the governmental sector are becoming evermore heterogeneous which increases the complexity of handling and maintaining an adequate security…
Semantic Potential of Existing Security Advisory Standards
New discoveries made on a nearly daily basis and the constantly growing amount of vulnerabilities in software products have led to the distribution of great numbers of vendor dependent vulnerability information over various channels such as mailing lists and RSS (Really Simple Syndication) feeds. However,…