
14 - Computer and network security risk management

from IV - Protecting enterprises

Published online by Cambridge University Press:  11 September 2009

Mohammad Obaidat, Monmouth University, New Jersey
Noureddine Boudriga, Université du 7 Novembre à Carthage, Tunis

Summary

The use of communication technologies to conduct business has become a crucial factor that can significantly increase productivity. The need to secure information systems and networked infrastructures is now a common preoccupation in most enterprises. As a result, strong links are being established between security issues, communication technologies, an enterprise's security policy, and an enterprise's business activity. Risk management has become an important procedure for any enterprise that relies on the Internet and e-means in its daily work. Risk management determines the threats and vulnerabilities of any e-based system. It also integrates architectures, techniques, and models. This chapter attempts to deal with all of the above concepts and techniques.

Introduction

The development of information and communication technologies, especially the Internet, has prompted enterprises to redesign their communication infrastructure in order to take advantage of this visibility factor and to re-engineer their business processes by implementing projects online, managing virtual enterprises, and externalizing their activities. Renovation and ICT use have contributed significantly to the success of many companies. Nevertheless, the current growth of digital attacks has caused decision makers in enterprises to question their confidence in information technology. In fact, security incidents that occurred recently (as discussed in the previous chapters) have emphasized three important facts: (a) computer network attacks can cause huge damage to business activity, (b) many of the attacked enterprises had active security infrastructures at the moment the security incident occurred, and (c) security infrastructure costs vary widely from one enterprise to another, depending on the security policy adopted and the nature of the activity performed by the enterprise.

Type: Chapter
Publisher: Cambridge University Press
Print publication year: 2007


