http://dx.doi.org/10.7840/kics.2014.39C.4.326

Security Assessment Metrics Model for Online Services  

Choo, Yeun-Su (Department of computer Graduate School Soongsil University)
Park, Jae-Pyo (Graduate School of Information Sciences Soongsil University)
Jun, Moon-Seog (Department of computer Graduate School Soongsil University)
Abstract
Internet services have security issues. To prepare proper security measures for these issues, setting a security level is necessary. Until now, security levels have been set using the CIA (Confidentiality, Integrity, and Availability) Security Levels. However, the CIA Security Levels have ambiguous measures for the middle security level. Moreover, security levels overlap in some cases when user authentication is not performed. Additionally, some of the CIA Security Levels cannot be applied to Internet services. This paper proposes a new security level model, the CIAA Security Levels, which deletes the ambiguous middle security level and adds authentication as one of the factors for setting the security level. The CIAA Security Levels model can be applied to more concrete security measures than the CIA Security Levels. The proposed model is applicable to almost any online service, and it can be applied to new online services.
Keywords
Information Security; Security Levels; CIAA (Confidentiality, Integrity, Availability, Authentication)
Citations & Related Records
Times Cited By KSCI: 4