Abstract
Conventional risk analysis methodologies are aimed at the identification of suitable countermeasures for specific risks. In the past, many risk analysis methodologies failed to come up to expectations. The analysis of some commercial methodologies identified key problem areas. This paper proposes a categorization method which was used to investigate the recommended countermeasures from various methodologies. The method is based on three categories namely:
-
* Proactive countermeasures — countermeasures that are implemented and activated before an incident occurs and which are constantly active;
-
* Dynamic countermeasures — countermeasures that are triggered by an incident;
-
* Reactive countermeasures — countermeasures that are activated after an incident has occurred.
This paper emphasizes the use of dynamic countermeasures to improve consistency and effectiveness and to reduce cost. The Petri Net modelling method is used to illustrate the difference between the three categories by simulating an actual process. The underlying principle of this article is the importance of having dynamic countermeasures implemented that can either be activated or deactivated, as the case may be. Not only will these countermeasures help to make security measures foolproof, but they will also help reduce the overheads associated with security directly or indirectly.
Chapter PDF
Similar content being viewed by others
Keywords
References
Karin P. Badenhorst, Jan H.P. Eloff (1994), TOPM: A formal approach to optimization of information technology risk management, Computers & Security 13 411–435.
CCTA (1993), The CCTA Risk Analysis and Management Method (CRAMM) User Guide, Version 2.1, CCTA.
Alison Classe (1994), Hazard Warning, Computers & Security 13 568.
CLUSIF (1994), Management of the Information Security Master Plan - MARION, CLUSIF, Paris.
CLUSIF (1988), Les Projects Prioritaires arpes le Schema Directeur Security, CLUSIF, Paris.
Michel Denault, Dimitris Gritzalis, Dimitris Karagiannis, Paul Spirakis (1994), Intrusion detection: approach and performance issues of the SECURENET system, Computers & Security 13 495–507.
Stella Gatziu, Klaus R. Dittrich (1994), Detecting composite events in active database systems using Petri Nets, Proc. of the 4th Intl. Workshop on research issues in Data Engineering: Active Database Systems, Houston, Texas.
Tadao Murata (1989), Petri Nets: Properties, Analysis and Applications, Proc. of the IEEE, 77 541–580.
Ronald Sharp, Steven Eisen (1994), Network security in a heterogeneous environment, Computers & Security, 13 489.
Peter Sommer (1994), Industrial Espionage: Analysing the Risk, Computers & Security; Volume 13 558–563.
Chris Sundt (1994), Putting your information on a network creates new security problems, Computers & Security; 13 488.
Ian M. Symonds (1994), Security in Distributed and Client/Server Systems - A Management View, Computers & Security; 13 473–480.
XP Conseil (1990), The MARION and MELISA Methods, XP Conceil, Paris.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Labuschagne, L., Eloff, J.F.P. (1996). Activating dynamic countermeasures to reduce risk. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_16
Download citation
DOI: https://doi.org/10.1007/978-1-5041-2919-0_16
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive