Quantitative Model in Security Informatics Risk Assessment

Authors

  • Andrés Casanova Universidad Antonio Nariño

Keywords:

Risk Assessment, Information security, logistic regression statistics model, influence diagrams, IDS, Network forensic

Abstract

This paper shows the importance of approaching in security Risk Assessment (RA) about Quantitative model in Risk Management. The RA has been calculated with qualitative method by different framework, for example: RISK IT FRAMEWORK (COBIT Component) [7], OCTAVE – ALLEGRO [8], MAGERIT V3 [9], FAIR [4], ISO 27005 [11], NIST800-30 [3]. All frameworks included in the scope the Risk Assessment; however this is more qualitative than quantitative. In this work, we propose a methodology to support the implementation and execution risk management, using quantitative risk assessment method. The methodology is based on three components: secure capture logs (apply networks forensic technical), likelihood risk or log analysis with logistic regression and risk assessment with influence diagrams.

Downloads

Download data is not yet available.

References

M. V. C. Juan Caros Correa Morales, La Separación en Regresión Logística, una solución y aplicación, Bogotá: Universidad Nacional de Colombia, 2003.

ACIS, Cultura en seguridad informatica retos y cambios, ISSN 0120-5919 ed., BOGOTA, 2014.

R. L. K. a. R. D. Vines, The CISM Prep Guide: Mastering the Five Domains of Information Security Management, ISBN 978-1-60420-215-1 ed., Indianapolis: John Wiley & Sons, 2012, p. 90.

J. A. Jones, An Introduction to Factor Analysis of Information Risk, http://riskmanagementinsight. com/media/documents/FAIR_Introduction.pdf, 2008

R. L. K. a. R. D. Vines, The CISM Prep Guide: Mastering the Five Domains of Information Security Management, ISBN 978-1-60420-215-1 ed., Indianapolis: John Wiley & Sons, 2012, p. 90.

J. S. Ortiz, Análisis de Decisiones estratégicas en entornos inciertos cambiantes y complejos, ISBN 978-987-1486-12-0 ed., Buenos Aires: Cengage, 2010, p. 58.

ISACA, The Risk IT Framework, Rolling Meadows: ISACA, 2009.

http://administracionelectronica.gob.es/ctt/, Ma gerit, “Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información”, 2010.

C. A. a. A. Dorofee, Managing information Security Risks. The OCTAVE Approach, Addison Wesley, 2003.

P. Meyer, Probabilidades y aplicaciones estadísticas, Addision Wesley, 2010, p. 15.

M. Sahinoglu, Quantitative Risk Assessment for Dependent Vulnerabilities, IEEE.

Y. K. M. O. H. Alhazmi, Quantitative Vulnerability Assessment of Systems Software, IEEE, 2005.

M. Sahinoglu, Security Meter- A Probabilistic Framework to Quantify Security Risk, 2008.

Analisis de desiciones estrategicas, ISBN 978- 987-1486-12-0 ed., Buenos Aires: CENGAGE, 2009.

L. Z. G. C. Chen Lin, Automated Analysis of Multi-source Logs for Network Forensics. 978-0- 7695-3557-9/09 © 2009 IEEE, 2009.

«www.snort.org/downloads/#rule-downloads» [En línea].

J. Postel, http://www.rfc-es.org/rfc/rfc0791-es. txt.

J. C. M., Peritaje informático y la evidencia digital en Colombia, Universidad de los Andes, 2010.

«www. «http://cran.r-project.org/,» [En línea].

N. Nisiblat, El manejo de la prueba electrónica en el proceso civil colombiano, Universidad de los Andes, 2010

ACIS, «http://www.acis.org.co/fileadmin/Base _de_Conocimiento/XII_JornadaSeguridad/ PresentacionJairoCasanovaDECEVAL-LogEventos EvidenciaDigital.pdf.,» [En línea].

D. W. Hosmer, Applied logistic regression / David W. Hosmer, Stanley Lemeshow., New York : John Wiley & Sons.

D. W. Hosmer, Applied logistic regression / David W. Hosmer, Stanley Lemeshow, New York: John Wiley, 1989.

S. M. B. A. D. R. William R. Cheswick, Repelling the Wily Hacker, Boston: Lumeta Corporation, 2003.

A. D. Chistopher Alberts, Managing Information Security Risk: The Octave Approach, Albuquerque: Addison Wesley, 2002.

J. A. Casanova, Implementación de un prototipo de sistema de control de acceso para la red autónomo del laboratorio de redes, Universidad Nacional, 1998.

Downloads

Published

2016-02-24
Metrics
Views/Downloads
  • Abstract
    315
  • PDF (Español)
    607

How to Cite

Casanova, A. (2016). Quantitative Model in Security Informatics Risk Assessment. INGE@UAN - TENDENCIAS EN LA INGENIERÍA, 6(11). Retrieved from https://revistas.uan.edu.co/index.php/ingeuan/article/view/414

Issue

Vol. 6 No. 11 (2015)

Section

Artículo de investigación científica y tecnológica

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Metrics