Study on sensitive information leakage vulnerability modeling-Reference-Cited by-同舟云学术

Study on sensitive information leakage vulnerability modeling

Published:2015-01-12 Issue:1 Volume:44 Page:77-88
ISSN:0368-492X
Container-title:Kybernetes
language:en
Short-container-title:

Author:

Kim Sung-Hwan,Kim Nam-Uk,Chung Tai-Myoung

Abstract

Purpose – The purpose of this paper is to provide a model for quantitatively analyzing the security profile of an organization’s IT environment. The model considers the security risks associated with stored data, as well as services and devices that can act as channels for data leakages. The authors propose a sensitive information (SI) leakage vulnerability model. Design/methodology/approach – Factors identified as having an impact on the security profile are identified, and scores are assigned based on detailed criteria. These scores are utilized by mathematical models that produce a vulnerability index, which indicates the overall security vulnerability of the organization. In this chapter, the authors verify the model result extracted from SI leakage vulnerability weak index by applying the proposed model to an actual incident that occurred in South Korea in January 2014. Findings – The paper provides vulnerability result and vulnerability index. They are depends on SI state in information systems. Originality/value – The authors identify and define four core variables related to SI leakage: SI, security policy, and leakage channel and value of SI. The authors simplify the SI leakage problem. The authors propose a SI leakage vulnerability model.

Publisher

Emerald

Subject

Computer Science (miscellaneous),Social Sciences (miscellaneous),Theoretical Computer Science,Control and Systems Engineering,Engineering (miscellaneous)

Reference18 articles.

1. Alberts, C. , Dorofee, A. , Stevens, J. and Woody, C. (2003), Introduction to the OCTAVE Approach , Carnegie Mellon University, Pittsburgh, PA.

2. Alberts, C.J. and Dorofee, A. (2002), Managing Information Security Risks: The OCTAVE Approach , Addison-Wesley Longman Publishing Co. Inc., Boston, MA.

3. Anderson, R. (2001), “Why information security is hard-an economic perspective”, Computer Security Applications Conference, ACSAC 2001. Proceedings 17th Annual 2001, IEEE, pp. 358-365.

4. Beigi, M. , Devarakonda, M. , Jain, R. , Kaplan, M. , Pease, D. , Rubas, J. , Sharma, U. and Verma, A. (2005), “Policy-based information lifecycle management in a large-scale file system, Policies for Distributed Systems and Networks”, Sixth IEEE International Workshop on 2005, IEEE, pp. 139-148.

5. Blakley, B. , Mcdermott, E. and Geer, D. (2001), Information Security is Information Risk Management, Proceedings of the 2001 Workshop on New Security Paradigms , ACM, Cloudcroft, New Mexico, pp. 97-104.