A study on information security management system evaluation - assets, threat and vulnerability

Cited by: 24
Authors
Farn, KJ [1 ]
Lin, SK [1 ]
Fung, ARW [1 ]
Affiliation
[1] Natl Chiao Tung Univ, Inst Informat Management, Hsinchu 300, Taiwan
Keywords
certification; evaluation; framework; Information Security Management System; National Information Assurance Certification and Accreditation Process
DOI
10.1016/j.csi.2004.03.012
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
The security of information system is like a chain. Its strength is affected by the weakest knot. Since we can achieve 100% Information Security Management System (ISMS) security, we must cautiously fulfill the certification and accreditation of information security. In this paper, we analyzed, studied the evaluation knowledge and skills required for auditing the certification procedures for the three aspects of ISMS-asset, threat, and vulnerability. (C) 2004 Elsevier B.V. All rights reserved.
Pages: 501-513
Number of pages: 13