IT/IS security management with uncertain information

Cyril Klimeš; Jiří Bartoš

Kybernetika (2015)

  • Volume: 51, Issue: 3, page 408-419
  • ISSN: 0023-5954

Abstract

The paper introduces a novel proposal of a security management system intended primarily for application in the field of IT. Its core is formed by a triplet of cooperating knowledge-based (expert) systems whose knowledge bases consist of vague If-Then rules. The knowledge bases were created by experts in the problem domain and were tested and verified multiple times on actual scenarios and real systems. Along with the system, a comprehensive methodology is introduced that forms part of a more complex approach to the decision-making process. The proposed fuzzy tool is demonstrated on examples and problems from the area of information security. The paper also briefly reviews other approaches used in information security management, mainly qualitative and quantitative methodologies.

How to cite


Klimeš, Cyril, and Bartoš, Jiří. "IT/IS security management with uncertain information." Kybernetika 51.3 (2015): 408-419. <http://eudml.org/doc/271617>.

@article{Klimeš2015,
author = {Klimeš, Cyril and Bartoš, Jiří},
journal = {Kybernetika},
keywords = {information retrieval; fuzzy sets; modeling information systems under uncertainty; adaptive model; information security; risk management; risk analysis},
language = {eng},
number = {3},
pages = {408-419},
publisher = {Institute of Information Theory and Automation AS CR},
title = {IT/IS security management with uncertain information},
url = {http://eudml.org/doc/271617},
volume = {51},
year = {2015},
}

TY - JOUR
AU - Klimeš, Cyril
AU - Bartoš, Jiří
TI - IT/IS security management with uncertain information
JO - Kybernetika
PY - 2015
PB - Institute of Information Theory and Automation AS CR
VL - 51
IS - 3
SP - 408
EP - 419
LA - eng
KW - information retrieval; fuzzy sets; modeling information systems under uncertainty; adaptive model; information security; risk management; risk analysis
UR - http://eudml.org/doc/271617
ER -

