Browse > Article

Security Risk Evaluation Scheme for Effective Threat Management  

Kang, Pil-Yong (한국인터넷진흥원 정보보호본부)
Publication Information
Journal of KIISE:Computer Systems and Theory / v.36, no.5, 2009 , pp. 380-386 More about this Journal
Abstract
It is most important that identifying security threats(or vulnerabilities) of critical IT assets and checking the propriety of related security countermeasures in advance for enhancing security level. In this paper, we present a new security risk evaluation scheme based on critical assets and threats for this. The presented scheme provides the coverage and propriety of the countermeasures(e.g., intrusion detection rules and vulnerability scan rules, etc.), and the quantitative risk level of identified assets and threats. So, it is expected that the presented scheme will be utilized in threat management process efficiently compared to previous works.
Keywords
Threat Management; Risk Evaluation;
Citations & Related Records
연도 인용수 순위
  • Reference
1 S. Drew, "Reducing Enterprise Risk with Effective Threat Management," Information Systmes Security, vol.13, Jan. 2005, pp.37-42.   DOI
2 S. J. Scott, "Threat Management Systems - The State of Intrucsion Detection," Snort Documents, Aug. 2002, hppt://www.snort.org/docs/threatmenagement.pdf
3 Symantec DeepSight Threat Management System, http://www.symantec.com
4 SNORT - Th OpenSourc etwork Inrusion Detection System, http://www.snort.org
5 SARA - Security Auitor's Research Assistant,http://www.arc.com/sara/
6 ISO/IEC JCT 1/SC 27, "Guidelines for the Management of IT Security(GMITS) - Park 3: Techniques for the Management of IT Security," ISO/IEC TR 13335-3:1998, 1998,
7 NESSUS - Vuneablity Scanner, http://www.nessus.org
8 P. Kan and W. Si, "Mesage-basd Open EFramewor orSecurity ncidents Prevention and Respnse," Proceeding ofthe JWIS2007, Japan (Tkyo), Aug. 207, pp.395-408.
9 CVE - Common Vulnerabiliie and Expsures, MITRE,http://w.cve.itre.org
10 Cisco Threat Response, http://www.cisco.com
11 British Standard Institute, "Guide to BS7799 Risk Assessment," PD 3002:2002, 2002.
12 G. Stonebumer, A. Goguen, and A. Feringa, "Risk Management Guide for Information Technology Systems," NIST SP 800-30, NIST, July 2002.
13 BUGtrag,http://www.securityfocus.com