Abstract
In the days of technological advancement, a role of information security (IS) is very important. There is an urgent need in implementing and assessing information security at a good level. However, it is accompanied with very high costs: experts in IS are quite expensive specialists. An automation of some security implementation and evaluation tasks can reduce these costs and potentially increase the quality of IS strategies being developed and IS audit quality. We believe that expert systems approach can be beneficial in achieving this automation. Though information security is a very broad field, encompassing many complex concepts, we are trying to develop a methodology of formalizing of IS knowledge to build a knowledge base for expert system that can serve as IS audit expert. In this paper we discuss methods for knowledge base building.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Val Thiagarajan, B.E.: BS 7799 Audit Checklist (2002), http://www.sans.org/score/checklists/ISO_17799_checklist.pdf
ISO IEC 27002 2005 Information Security Audit Tool(2005), http://www.praxiom.com/iso-17799-audit.htm
Stepanova, D., Parkin, S., Moorsel, A.: A knowledge Base For Justified Information Security Decision-Making. In: 4th International Conference on Software and Data Technologies (ICSOFT 2009), pp. 326–311 (2009)
Atymtayeva, L., Kozhakhmet, K., Bortsova, G., Inoue, A.: Methodology and Ontology of Expert System for Information Security Audit. In: Proceedings of the 6th International Conference on Soft Computing and Intelligent Systems and the 13th International Symposium on Advanced Intelligent Systems, Kobe, Japan, pp. 238–243 (2012)
Atymtayeva, L., Kozhakhmet, K., Bortsova, G.: Some Issues of Development of Intelligent System for Information Security Auditing. In: Proceedings of the International Conference of Computational Intelligence and Intelligent Systems 2012, London, UK, June 1-2, vol. 2, pp. 725–731 (2012)
Atymtayeva, L., Kozhakhmet, K., Bortsova, G., Inoue, A.: Expert System for Security Audit Using Fuzzy Logic. In: Proceedings of the 23rd Midwest Artificial Intelligence and Cognitive Science Conference, MAICS, Cincinnati, USA, April 21-22, pp. 146–151 (2012), http://ceur-ws.org/Vol-841/
Atymtayeva, L., Akzhalova, A., Kozhakhmet, K., Naizabayeva, L.: Development of Intelligent Systems for Information Security Auditing and Management:Review and Assumptions Analysis. In: Proceedings of the 5th International Conference on Application of Information and Communication Technologies, Baku, Azerbaijan, October 12-14, pp. 87–91 (2011)
Tsudik, G., Summers, R.: AudES - an Expert System for Security Auditing. IBM Los Angeles Scientific Center (1990)
Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: ASIACCS 2009: Proceedings of the 2009 ACM Symposium on Information, Computer and Communications Security. ACM (2009)
Threats catalogue on Information Systems Information technology — Security techniques — Code of practice for information security management (2005)
ISO/IEC 27002:2005, Information technology — Security techniques — Code of practice for information security management (2005)
Maljuk, A.A.: Information Security: Contemporary Issues. Security Information Tehnologiy (1), 5–9 (2010)
Domarev, V.V.: Safety of information technology. The System approach - Kiev, p. 992. Publishing House, Diasoft (2004)
Maljuk, A.: On the intensification of information security. Security of Information Technology (1), 6–10 (2011)
Maljuk, A.A.: Information security; conceptual and methodological framework for the protection of information. Textbook. allowance for vuzov. M: Hot
Line-Telecom, - 280c (2004)
Gerasimenko, V.A., Maljuk, A.A.: Framework for the protection of information. MEPI, Moscow (1997)
Maksimov, V.I., Kornoushenko, E.K.: The analytical basis for the use cognitive approach in solving semi-structured problems
Proceedings of the Institute of Control Sciences. - M.,- T. 2, pp. 95–109 (1999)
Castells, M.: The Information Age: Economy, Society and Culture. In: Shkaratan, O.I. (ed.) Per. from English. Under Teach., Moscow (2000)
Azhmuhamedov, I.M.: The principles of integrated security Information Systems. Journal ASTU. Series: Governance
Computer Engineering and Computer Science 1, 7–11 (2011)
Skorodumov BI on conceptual and terminological apparatus
Information Security. BIT (4), 43–45 (2008)
The Federal Law of 27.12.2002, 184-FZ (as amended. 1 December 2007). On technical regulation. Confident 2, C.44–C.49 (2002)
Nikolaev, Y.I.: Designing secure information technology, p. 312. St. Petersburg State Technical Publishing, St. Petersburg (1997)
Rumyantsev, O.G., Dodonov, V.N.: Legal encyclopedia, Moscow, vol. INFRA-M (1997)
Dotsenko, E.L.: Psychological Manipulation 295 (1996)
Crimean, L.A.: Organizational Data Protection, http://www.dsec.ru/about/articles/stuff
Vihorev, S.V.: The classification of information security threats
Cnews.ru annual review of Network attacks and system information Safety 2001, http://www.elvis.ru/informatorium_networks.shtml
Lukatckiy, A.: Detection of attacks. BHV-Petersburg, St. Petersburg (2003)
Vihorev, S.V., Kobtsev, R.Y.: How to identify the sources of threats? Open number of 7-8/2002g, http://www.elvis.ru/files/howto.pdf
http://art.thelib.ru/computers/security/mir_atak_mnogoobrazen.html # ixzz1PQX
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Atymtayeva, L., Kozhakhmet, K., Bortsova, G. (2014). Building a Knowledge Base for Expert System in Information Security. In: Cho, Y., Matson, E. (eds) Soft Computing in Artificial Intelligence. Advances in Intelligent Systems and Computing, vol 270. Springer, Cham. https://doi.org/10.1007/978-3-319-05515-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-05515-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05514-5
Online ISBN: 978-3-319-05515-2
eBook Packages: EngineeringEngineering (R0)