Wasim A. Al-Hamdani
ABSTRACT
This article is present information assurance model based on Non risk assessment model. The model based on diligence model where assurance is achieved by using threat and vulnerability reviews and countermeasures based on tangible best practices. An information security program can be initiated based on one of three models: bench marks, risk assessment and diligence model. The article presents the three modules then adopts the last one to build information assurance security model based on layering levels.
- NIST National Institute of standard and technology. 1990 Computer Security Division, Computer Resource Center, Special Publications (800 Series) established in 1990, all documents can be retrieved from http://csrc.nist.gov/Google Scholar
- John Pike, NSA/NCSC Rainbow Series. 2006, Updated August February 6, 2006, Can be retrieved from http://www.fas.org/irp/nsa/rainbow.htmGoogle Scholar
- Commonwealth of Australia The Environmental Health Risk Assessment Provides Guidelines for Assessing Human Health Risks from Environmental Hazards, June 2004. Available from http://www.carers.health.gov.au/Google Scholar
- Stamatelatos, M. G. 2004. NASA Perspective on Risk Assessment Can be retrieved from http://www7.nationalacademies.orgGoogle Scholar
- C. Kreitner and B. Miuccio. 2001. The Center for Internet Security: Global Security Benchmarks for Computers Connected to the Internet Information Systems Control Journal, Volume 6, 2001, Can be retrieved from http://www.isaca.org/Google Scholar
- Donn B Parker. 2008. ACM Communication Forum, Feb 2008 Volume 51, No. 2Google Scholar
- Donn B Parker. 1998. Fighting Computer Crime: A New Framework for Protecting Information. Wiley; Subsequent edition (August 27, 1998) Google ScholarDigital Library
- Donn B Parker. 2002. Toward a New Framework for Information Security Chapter 5 in Computer Security Handbook, Fourth Edition, Seymour Bosworth and M. E. Kabay (eds.), John Wiley & SonsGoogle Scholar
- Donn B Parker. 2007. "What's Wrong with Information Security and How to Fix It Thinking Outside of the Box," invited speaker InfoSecCD 2007, Kennesaw state university, Georgia.Google Scholar
- H. F. Tipton & K. Henry, (ed.). 2006. Official (ISC)2 Guide to the CISSP CBK, Auerbach; 2nd edition Google ScholarDigital Library
- ISO 17799-2005. 2005.International Organization for Standardization International Standards for Business, Government and Society, Can be retrieved from http://www.iso.org/Google Scholar
- ISO/IEC 27001:2005. 2005. Information Technology -- Security Techniques -- Information Security Management Systems, Retrieved from http://www.iso.org/Google Scholar
- Joseph Boyce and Daniel Jennings. 2002. Information Assurance: Managing Organizational IT Security Risks, Butterworth-Heinemann; 1st edition Google ScholarDigital Library
- C. C. Wood. 2005. Information Security Made Easy, Information Shield (2005) ISO 17799 Security Policy SolutionsGoogle Scholar
- ISO/IEC 27001:2005 Information technology -- Security techniques -- Information security management systems -- Requirements can be found in http://www.iso.org/iso/Google Scholar
- IEEE P 1700. (2008. ISSAA Standard; Version 21.0 Can be retrieved from http://issaa.org/Google Scholar
- IPS PUB 200 Minimum Security Requirements for Federal Information and Information Systems 2006Google Scholar
- IEEE Standard 828-1990, IEEE Standard for Software Configuration Management Plans can be found on http://ieeexplore.ieee.org/Xplore/Google Scholar
- IEEE (1987), IEEE1042-1987, Guide to Software Configuration Management, can be found in http://ieeexplore.ieee.org/Xplore/Google Scholar
- ISO standard 10007. 2003. Quality Management, Guidance for Configuration Management, can be found in http://www.iso.org/iso/Google Scholar
- ISO/IEC standard 12207.2008. Information technology -- Software life cycle processes" can be found in http://www.iso.org/iso/Google Scholar
Index Terms
- Non risk assessment information security assurance model
Recommendations
Taxonomy of information security risk assessment (ISRA)
Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of ...
Economic acceptable risk assessment model
InfoSecCD '08: Proceedings of the 5th annual conference on Information security curriculum developmentAcceptable risk is the residual risk that follows the implementation of the safeguard. Residual risk is the qualitative or quantitative risk that could not be removed, or which was accepted. Managing the residual risk is the core of risk management. ...
Information Systems Security Risk Assessment: Harmonization with International Accounting Standards
CIMCA '08: Proceedings of the 2008 International Conference on Computational Intelligence for Modelling Control & AutomationThis paper emerges from research by [1],[11], [22] and [21], and it draws on real-world examples so as to underline some limits of quantitative risk assessment. The paper is a case study and emphasis that theoretical formulas used in information ...
Comments