Abstract
The data collection process for risk assessment highly depends on the security experience of security staffs of an organization. It is difficult to have the right information security staff, who understands both the security requirements and the current security state of an organization and at the same time possesses the skill to perform risk assessment. However, a well defined knowledge model could help to describe categories of knowledge required to guide the data collection process. In this paper, a knowledge framework is introduced, which includes a knowledge model to define the data skeleton of the risk environment of an organization and security patterns about relationships between threat, entity and countermeasures; and a data integration mechanism for integrating distributed security related data into a security data repository that is specific to an organization for information security modelling. © 2006 Shuangyan Liu, Chinghang Cheung, and Lamfor Kwok.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of 4th Australian Information Security Management Conference |
| Publication status | Published - 2006 |
| Event | 4th Australian Information Security Management Conference, AISM - Perth, WA, Australia Duration: 5 Dec 2006 → 5 Dec 2006 |
Conference
| Conference | 4th Australian Information Security Management Conference, AISM |
|---|---|
| Place | Australia |
| City | Perth, WA |
| Period | 5/12/06 → 5/12/06 |
Research Keywords
- Data Integration
- Information Security Management
- Knowledge Representation
- Risk Analysis
Fingerprint
Dive into the research topics of 'A knowledge framework for information security modeling'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver