Specification for asset identification 1.1

Wunder, John R.; Halbardier, Adam; Waltermire, David

doi:10.6028/nist.ir.7693

Cited by 17 publications

(12 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many established ISRM methods center around assets, the NIST Specification for Asset identification [169] uses three main classes of information system related assets; (i) Persons, (ii) Organization, and (iii) Information Technology. In addition, it provides nine sub-classes of assets of Information technology.…”

Section: Context Establishment For Isrmmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Security Risk Assessment of a DDoS Attack

Wangen¹,

Shalaginov²,

Hallstensen³

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Section: Context Establishment For Isrmmentioning

confidence: 99%

“…Knowledge is viewed as an intangible asset [147], but e.g. is not included in the asset overviews in [169] or [15]. However, loss of availability due to lack of knowledge is a plausible IS risk (e.g.…”

Section: Information and Knowledgementioning

confidence: 99%

Cyber Security Risk Assessment of a DDoS Attack

Wangen¹,

Shalaginov²,

Hallstensen³

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…SCAP content benefits from multiple sources, among them the National Vulnerability Database (NVD) or the MITRE Open Vulnerability and Assessment Language (OVAL) Database [30]. SCAP also defines the Asset Identification (AI) specification [31]. Its primary use is better correlation, assessment and management of every asset-related piece of information (vulnerabilities, weaknesses, alerts, system events).…”

Section: Related Workmentioning

confidence: 99%

Risk Management Processes

Chambers¹,

Rand²

2012

The Operational Auditing Handbook

View full text Add to dashboard Cite

Abstract-Asset information obtained via infrastructure analysis is essential for developing and establishing risk management. However, information about assets acquired by existing infrastructure analysis processes is often incomplete or lacking in detail, especially concerning their interconnected topology. In this paper, we present the Interconnected-asset Ontology, IO, as a step towards a standardized representation of detailed asset information. The utilization of an asset ontology as a machine-readable representation supports the automation of risk management processes and the standardization of asset information reduces redundant acquisition processes that are often found in practice.

show abstract

“…Knowledge is viewed as an intangible asset [37], but e.g. is not included in the asset overviews in [28] or [6]. However, loss of availability due to lack of knowledge is a plausible IS risk (e.g.…”

Section: B Summary Of Comparison Bpm and Isrmmentioning

confidence: 99%

“…Many established ISRM methods center around assets, the NIST Specification for Asset identification [28] uses three main classes of information system related assets; (i) Persons, (ii) Organization, and (iii) Information Technology. In addition, it provides nine sub-classes of assets of Information technology.…”

Section: Context Establishment For Isrmmentioning

confidence: 99%

A Comparison between Business Process Management and Information Security Management

Wangen¹,

Snekkenes²

2014

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Abstract-Information Security Standards such as NIST SP 800-39 and ISO/IEC 27005:2011 are turning their scope towards business process security. And rightly so, as introducing an information security control into a business-processing environment is likely to affect business process flow, while redesigning a business process will most certainly have security implications. Hence, in this paper, we investigate the similarities and differences between Business Process Management (BPM) and Information Security Management (ISM), and explore the obstacles and opportunities for integrating the two concepts. We compare three levels of abstraction common for both approaches; top-level implementation strategies, organizational risk views & associated tasks, and domains. With some minor differences, the comparisons shows that there is a strong similarity in the implementation strategies, organizational views and tasks of both methods. The domain comparison shows that ISM maps to the BPM domains; however, some of the BPM domains have only limited support in ISM.

show abstract

Specification for asset identification 1.1

Cited by 17 publications

References 0 publications

Cyber Security Risk Assessment of a DDoS Attack

Cyber Security Risk Assessment of a DDoS Attack

Risk Management Processes

A Comparison between Business Process Management and Information Security Management

Contact Info

Product

Resources

About