Automated Security Metrics in ISMSs to Discover the Level of Security of OSs and DBMSs

Angel Gallego, Antonio Santos-Olmo, Luís Enrique Sánchez, Eduardo Fernández-Medina

Abstract

The information society is ever-increasingly dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has come to be vital to the evolution of SMEs. However, this type of companies requires ISMSs which have been adapted to their particular characteristics, and which are optimised from the point of view of the resources that are necessary to install and maintain them. This paper concentrates on the development of a process for ISMSs that will allow the level of security of critical applications installed in these sytems, i.e., Operative Systems and Data Base Management Systems, to be measured. This process is currently being directly applied in real cases, thus leading to an improvement in its application.

References

  1. Kluge, D. Formal Information Security Standards in German Medium Enterprises. in CONISAR: The Conference on Information Systems Applied Research. 2008.
  2. Dhillon, G. and J. Backhouse, Information System Security Management in the New Millennium. Communications of the ACM, 2000. 43(7): p. 125-128.
  3. Park, C.-S., S.-S. Jang, and Y.-T. Park, A Study of Effect of Information Security Management System[ISMS] Certification on Organization Performance. IJCSNS International Journal of Computer Science and Network Security., 2010. 10(3): p. 10-21.
  4. Barlette, Y. and V. Vladislav. Exploring the Suitability of IS Security Management Standards for SMEs. in Hawaii International Conference on System Sciences, Proceedings of the 41st Annual. 2008. Waikoloa, HI, USA.
  5. Fal, A.M., Standardization in information security management Cybernetics and Systems Analysis 2010. 46(3): p. 181-184.
  6. Wiander, T. and J. Holappa, Theoretical Framework of ISO 17799 Compliant. Information Security Management System Using Novel ASD Method., in Technical Report, V.T.R.C.o. Finland, Editor. 2006.
  7. Wiander, T. Implementing the ISO/IEC 17799 standard in practice - experiences on audit phases. in AISC 7808: Proceedings of the sixth Australasian conference on Information security. 2008. Wollongong, Australia.
  8. Yao, L., Discussion on Effectiveness Measurement in ISMS: Based on Analysis of ISMS Effectiveness Measurement in ISO/IEC 27004:2009. Electronic Product Reliability and Environmental, 2010.
  9. ISO/IEC27004, ISO/IEC FCD 27004, Information Technology - Security Techniques - Information Security Metrics and Measurement (under development). 2009.
  10. Sánchez, L.E., et al. Security Management in corporative IT systems using maturity models, taking as base ISO/IEC 17799. in International Symposium on Frontiers in Availability, Reliability and Security (FARES'06) in conjunction with ARES. 2006. Viena (Austria).
  11. Sánchez, L.E., et al. MMISS-SME Practical Development: Maturity Model for Information Systems Security Management in SMEs. in 9th International Conference on Enterprise Information Systems (WOSIS'07). 2007b. Funchal, Madeira (Portugal). June.
  12. Sánchez, L.E., et al. Developing a model and a tool to manage the information security in Small and Medium Enterprises. in International Conference on Security and Cryptography (SECRYPT'07). 2007a. Barcelona. Spain.: Junio.
  13. Sánchez, L.E., et al. Developing a maturity model for information system security management within small and medium size enterprises. in 8th International Conference on Enterprise Information Systems (WOSIS'06). 2006. Paphos (Chipre). March.
  14. Sánchez, L.E., et al. SCMM-TOOL: Tool for computer automation of the Information Security Management Systems. in 2nd International conference on Software and Data Technologies (ICSOFT'07). . 2007c. Barcelona-España Septiembre.
Download


Paper Citation


in Harvard Style

Gallego A., Santos-Olmo A., Enrique Sánchez L. and Fernández-Medina E. (2011). Automated Security Metrics in ISMSs to Discover the Level of Security of OSs and DBMSs . In Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011) ISBN 978-989-8425-61-4, pages 159-166. DOI: 10.5220/0003593901590166


in Bibtex Style

@conference{wosis11,
author={Angel Gallego and Antonio Santos-Olmo and Luís Enrique Sánchez and Eduardo Fernández-Medina},
title={Automated Security Metrics in ISMSs to Discover the Level of Security of OSs and DBMSs},
booktitle={Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011)},
year={2011},
pages={159-166},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003593901590166},
isbn={978-989-8425-61-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011)
TI - Automated Security Metrics in ISMSs to Discover the Level of Security of OSs and DBMSs
SN - 978-989-8425-61-4
AU - Gallego A.
AU - Santos-Olmo A.
AU - Enrique Sánchez L.
AU - Fernández-Medina E.
PY - 2011
SP - 159
EP - 166
DO - 10.5220/0003593901590166