Qualitative Risk Analysis

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 417 Experts worldwide ranked by ideXlab platform

Taimyoung Chung - One of the best experts on this subject based on the ideXlab platform.

  • Risk assessment method based on business process oriented asset evaluation for information system security
    International Conference on Conceptual Structures, 2007
    Co-Authors: Seonho Park, Taimyoung Chung
    Abstract:

    We presented risk assessment methodology focused on business-process oriented asset evaluation and qualitative risk analysis method. The business process-oriented asset evaluation is to evaluate asset's value by the degree of asset contribution related to business process. Namely, asset's value is different according to the importance of department to which asset belongs, the contribution of asset's business, and security safeguard, etc. We proposed new asset's value evaluation applied to the weight of above factors. The weight is decided by evaluation matrix by Delphi team. We assess risk by qualitative method applied to the improved international standard method which is added the effectiveness of operating safeguard at information system. It reflects an assumption that they can reduce risk level when existent safeguards are established appropriately. Our model derives to practical risk assessment method than existent risk assessment method, and improves reliability of risk analysis.

  • International Conference on Computational Science (3) - Risk Assessment Method Based on Business Process-Oriented Asset Evaluation for Information System Security
    Computational Science – ICCS 2007, 2007
    Co-Authors: Seonho Park, Taimyoung Chung
    Abstract:

    We presented risk assessment methodology focused on business-process oriented asset evaluation and qualitative risk analysis method. The business process-oriented asset evaluation is to evaluate asset's value by the degree of asset contribution related to business process. Namely, asset's value is different according to the importance of department to which asset belongs, the contribution of asset's business, and security safeguard, etc. We proposed new asset's value evaluation applied to the weight of above factors. The weight is decided by evaluation matrix by Delphi team. We assess risk by qualitative method applied to the improved international standard method which is added the effectiveness of operating safeguard at information system. It reflects an assumption that they can reduce risk level when existent safeguards are established appropriately. Our model derives to practical risk assessment method than existent risk assessment method, and improves reliability of risk analysis.

Seonho Park - One of the best experts on this subject based on the ideXlab platform.

  • Risk assessment method based on business process oriented asset evaluation for information system security
    International Conference on Conceptual Structures, 2007
    Co-Authors: Seonho Park, Taimyoung Chung
    Abstract:

    We presented risk assessment methodology focused on business-process oriented asset evaluation and qualitative risk analysis method. The business process-oriented asset evaluation is to evaluate asset's value by the degree of asset contribution related to business process. Namely, asset's value is different according to the importance of department to which asset belongs, the contribution of asset's business, and security safeguard, etc. We proposed new asset's value evaluation applied to the weight of above factors. The weight is decided by evaluation matrix by Delphi team. We assess risk by qualitative method applied to the improved international standard method which is added the effectiveness of operating safeguard at information system. It reflects an assumption that they can reduce risk level when existent safeguards are established appropriately. Our model derives to practical risk assessment method than existent risk assessment method, and improves reliability of risk analysis.

  • International Conference on Computational Science (3) - Risk Assessment Method Based on Business Process-Oriented Asset Evaluation for Information System Security
    Computational Science – ICCS 2007, 2007
    Co-Authors: Seonho Park, Taimyoung Chung
    Abstract:

    We presented risk assessment methodology focused on business-process oriented asset evaluation and qualitative risk analysis method. The business process-oriented asset evaluation is to evaluate asset's value by the degree of asset contribution related to business process. Namely, asset's value is different according to the importance of department to which asset belongs, the contribution of asset's business, and security safeguard, etc. We proposed new asset's value evaluation applied to the weight of above factors. The weight is decided by evaluation matrix by Delphi team. We assess risk by qualitative method applied to the improved international standard method which is added the effectiveness of operating safeguard at information system. It reflects an assumption that they can reduce risk level when existent safeguards are established appropriately. Our model derives to practical risk assessment method than existent risk assessment method, and improves reliability of risk analysis.

Shlomi Dolev - One of the best experts on this subject based on the ideXlab platform.

  • Google Android: A State-of-the-Art Review of Security Mechanisms
    Neural Networks, 2009
    Co-Authors: Asaf Shabtai, Uri Kanonov, Yuval Fledel, Yuval Elovici, Shlomi Dolev
    Abstract:

    Google's Android is a comprehensive software framework for mobile communication devices (i.e., smartphones, PDAs). The Android framework includes an operating system, middleware and a set of key applications. The incorporation of integrated access services to the Internet on such mobile devices, however, increases their exposure to damages inflicted by various types of malware. This paper provides a comprehensive security assessment of the Android framework and the security mechanisms incorporated into it. A methodological qualitative risk analysis that we conducted identifies the high-risk threats to the framework and any potential danger to information or to the system resulting from vulnerabilities that have been uncovered and exploited. Our review of current academic and commercial solutions in the area of smartphone security yields a list of applied and recommended defense mechanisms for hardening mobile devices in general and the Android in particular. Lastly, we present five major (high-risk) threats to the Android framework and propose security solutions to mitigate them. We conclude by proposing a set of security mechanisms that should be explored and introduced into Android-powered devices.

Ibrahim Sogukpinar - One of the best experts on this subject based on the ideXlab platform.

  • ISRAM: Information security Risk Analysis method
    Computers and Security, 2005
    Co-Authors: Bilge Karabacak, Ibrahim Sogukpinar
    Abstract:

    Continuously changing nature of technological environment has been enforcing to revise the process of information security risk analysis accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today's information security risks properly. Some of these methods are supported by a software package. In this study, a survey based quantitative approach is proposed to analyze security risks of information technologies by taking current necessities into consideration. The new method is named as Information Security Risk Analysis Method (ISRAM). Case study has shown that ISRAM yields consistent results in a reasonable time period by allowing the participation of the manager and staff of the organization. © 2004 Elsevier Ltd. All rights reserved.

  • ISRAM: information security Risk Analysis method.
    Computers & Security, 2005
    Co-Authors: Bilge Karabacak, Ibrahim Sogukpinar
    Abstract:

    Continuously changing nature of technological environment has been enforcing to revise the process of information security risk analysis accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today's information security risks properly. Some of these methods are supported by a software package. In this study, a survey based quantitative approach is proposed to analyze security risks of information technologies by taking current necessities into consideration. The new method is named as Information Security Risk Analysis Method (ISRAM). Case study has shown that ISRAM yields consistent results in a reasonable time period by allowing the participation of the manager and staff of the organization.

N. Zannone - One of the best experts on this subject based on the ideXlab platform.

  • Security Risk management by Qualitative vulnerability Analysis
    Proceedings - 2011 3rd International Workshop on Security Measurements and Metrics Metrisec 2011, 2012
    Co-Authors: G. Elahi, E. Yu, N. Zannone
    Abstract:

    Security risk assessment in the requirements phase is challenging because risk factors, such as probability and damage of attacks, are not always numerically measurable or available in the early phases of development. This makes the selection of proper security solutions problematic because mitigating impacts and side-effects of solutions are not often quantifiable. In the early development phases, analysts need to assess risks in the absence of numerical measures or deal with a mixture of quantitative and qualitative data. We propose a risk analysis process which intertwines security requirements engineering with a vulnerability-centric and qualitative risk analysis method. The proposed method is qualitative and vulnerability-centric, in the sense that by identifying and analyzing common vulnerabilities the probability and damage of risks are evaluated qualitatively. We also propose an algorithmic decision analysis method that considers risk factors and alternative security solutions, and helps analysts select the most cost-effective solution. The decision analysis method enables making a decision when some of the available data is qualitative. © 2011 IEEE.

  • Metrisec@ESEM - Security Risk Management by Qualitative Vulnerability Analysis
    2011 Third International Workshop on Security Measurements and Metrics, 2011
    Co-Authors: Golnaz Elahi, Eric Yu, N. Zannone
    Abstract:

    Security risk assessment in the requirements phase is challenging because risk factors, such as probability and damage of attacks, are not always numerically measurable or available in the early phases of development. This makes the selection of proper security solutions problematic because mitigating impacts and side-effects of solutions are not often quantifiable. In the early development phases, analysts need to assess risks in the absence of numerical measures or deal with a mixture of quantitative and qualitative data. We propose a risk analysis process which intertwines security requirements engineering with a vulnerability-centric and qualitative risk analysis method. The proposed method is qualitative and vulnerability-centric, in the sense that by identifying and analyzing common vulnerabilities the probability and damage of risks are evaluated qualitatively. We also propose an algorithmic decision analysis method that considers risk factors and alternative security solutions, and helps analysts select the most cost-effective solution. The decision analysis method enables making a decision when some of the available data is qualitative.