Abstract
In this paper, we propose a web application for security policy management that uses a threat-countermeasure model based on international standards. The main objective of this research is to create a knowledge base to identify and specify the threats that affect the IT environment. In addition, our proposed knowledge-base system is intended to fuse similar security controls or objectives in order to effectively create a security guideline for a specific IT environment. The web application displays details of the most common threats to information systems and, for each threat, presents a set of related security controls from different international standards, including ISO/IEC 27002.
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Caceres, G.H.R., Teshigawara, Y. (2008). A Knowledge-Based Tool to Support Clear Relationship between Threats and Countermeasures Based on International Standards. In: Ma, Y., Choi, D., Ata, S. (eds) Challenges for Next Generation Network Operations and Service Management. APNOMS 2008. Lecture Notes in Computer Science, vol 5297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88623-5_67
DOI: https://doi.org/10.1007/978-3-540-88623-5_67
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88622-8
Online ISBN: 978-3-540-88623-5
eBook Packages: Computer Science (R0)