On Optimizing the Path to Information Security Compliance

Dieguez, Mauricio; Sepúlveda, Samuel; Cares, Carlos

doi:10.1109/quatic.2012.44

Cited by 2 publications

(6 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, we can identify works that address other research issues, namely: Requirements [16], [3], [27], [29]; Audit [17], [21], [23], [24]; Knowledge Management [12], [22], [34], [40].…”

Section: Discussion and Related Workmentioning

confidence: 99%

“…Table 1 presents the keywords and the search string. [11]; [12]; [13]; [14]; [15,16]; [17]; [18]; [19]; [20]; [21]; [22]; [23]; [24]; [25]; [26]; [27]; [28]; [29]; [30]; [31]; [32]; [33]; [34]; [35]; [36]; [37]; [38]; [39]; [40]; [41]; [42]; [43]; [44]; [45]; [44]; [8]; [46]; [47]. Generic and abstract proposals (Top-Level Ontologies) can be found in [48], [3], [49], [50], and [51].…”

Section: Surveymentioning

confidence: 99%

“…: Risk Management, Security Policies; Incident Analysis; Attack Patterns, Performance Tests; Expert Systems Tests, etc.). Works which aim to describe domains and sub-domains are the following: [11]; [12]; [13]; [14]; [15,16]; [17]; [18]; [19]; [20]; [21]; [22]; [23]; [24]; [25]; [26]; [27]; [28]; [29]; [30]; [31]; [32]; [33]; [34]; [35]; [36]; [37]; [38]; [39]; [40]; [41]; [42]; [43]; [44]; [45]; [44]; [8]; [46]; [47].…”

Section: Research Work On Ontologiesmentioning

confidence: 99%

See 2 more Smart Citations

A Survey of Security Assessment Ontologies

Rosa¹,

Jino²

2017

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Abstract.A literature survey on ontologies concerning the Security Assessment domain has been carried out to uncover initiatives that aim at formalizing concepts from the "Security Assessment" field of research. A preliminary analysis and a discussion on the selected works are presented. Our main contribution is an updated literature review, describing key characteristics, results, research issues, and application domains of the papers. We have also detected gaps in the Security Assessment literature that could be the subject of further studies in the field. This work is meant to be useful for security researchers who wish to adopt a formal approach in their methods.

show abstract

“…However, we can identify works that address other research issues, namely: Requirements [16], [3], [27], [29]; Audit [17], [21], [23], [24]; Knowledge Management [12], [22], [34], [40].…”

Section: Discussion and Related Workmentioning

confidence: 99%

Section: Surveymentioning

confidence: 99%

Section: Research Work On Ontologiesmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Security Assessment Ontologies

Rosa¹,

Jino²

2017

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

show abstract

“…Además, se debe considerar el caso en el que una organización desea cumplir con más de una norma de seguridad, como las organizaciones públicas, que, además de intentar lograr una norma internacional, debe cumplir con las normas locales regulaciones y políticas gubernamentales (Diéguez, Cares, & Sepúlveda, 2012).…”

Section: Gestión De Los Controles De Seguridad De La Informaciónunclassified

“…En un artículo anterior (Diéguez et al, 2012), propusimos un método de selección de ISC. Nuestro modelo, al igual que los cinco seleccionados, puede considerarse como un problema de optimización multi-objetivos, pero, a diferencia de los anteriores, considera las dependencias entre los controles.…”

Section: Gestión De Los Controles De Seguridad De La Informaciónunclassified

Comparación de dos enfoques cuantitativos para seleccionar controles de seguridad de la información

Dieguez

Cares

2019

RISTI

Self Cite

View full text Add to dashboard Cite

Resumen: Proporcionar procesos y herramientas sistemáticos para tomar una decisión sobre inversiones en seguridad en un escenario con restricciones presupuestarias, es de suma importancia para asegurar que dichas decisiones se tomen adecuadamente. Presentamos un enfoque de programación de conjunto de respuestas (ASP) para resolver este problema. Nuestra propuesta se compara con el desarrollo del problema utilizando programación lineal (PL). Ilustramos la fase de modelado y el rendimiento computacional de ambas soluciones. El modelo ASP presenta tiempos de resolución del tipo exponencial a medida que aumenta el número de controles sobre los que debe decidirse. Por otro lado, el modelo basado en PL no presenta variaciones importantes en sus tiempos de resolución de problemas. Sin embargo, el problema es más fácil de modelar en ASP. Luego, esta propuesta tiene ventajas para modelar y resolver problemas específicos en los que se requiere una respuesta rápida con una baja cantidad de controles. Palabras-clave:Answer set programming; Programación lineal; Optimización; Controles de seguridad de la información; Sistema de gestión de seguridad de la información. Comparing Two Quantitative Approaches to Select Information Security ControlsAbstract: Provide systematic processes and tools to make a decision about security investments under a scenario of budget constraints, is of paramount importance to assure that such decisions are soundly made. We present a answer set programming (ASP) approach to solve this problem. Our proposal is then compared against a traditional linear programming (LP) operational research technique. We illustrate the modeling phase and computational performance of both solutions. The model based on ASP presents resolution times of the exponential type as the number of controls over which it must be decided increases. On the other hand, the model based on LP does not present important variations in its problem resolution times. RISTI, N.º 32, 06/2019Comparación de dos enfoques cuantitativos para seleccionar controles de seguridad de la información However, the problem is easier to model in ASP. Then, this proposal has advantages for modeling and solving specific problems in which a rapid response is required and which do not require many controls.

show abstract

On Optimizing the Path to Information Security Compliance

Cited by 2 publications

References 15 publications

A Survey of Security Assessment Ontologies

A Survey of Security Assessment Ontologies

Comparación de dos enfoques cuantitativos para seleccionar controles de seguridad de la información

Contact Info

Product

Resources

About