Abstract
A security model to facilitate the recording and investigation of organisational security data is proposed; this model employs a directory structure for security entities and relationships. The model database with associated software may then be employed to develop and display organisational threat networks representing the risk environment of the organisational information processing and communication system. Thereafter the design of the defence systems may be facilitated by interactive procedures to determine appropriate countermeasure structures.
Copyright information
© 2004 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kwok, Lf., Longley, D. (2004). Security Modelling for Risk Analysis. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Security and Protection in Information Processing Systems. SEC 2004. IFIP — The International Federation for Information Processing, vol 147. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8143-X_3
DOI: https://doi.org/10.1007/1-4020-8143-X_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-8016-1
Online ISBN: 978-1-4020-8143-9
eBook Packages: Springer Book Archive