Defining the Minimum Security Baseline in a Multiple Security Standards Environment by Graph Theory Techniques-Reference-Cited by-同舟云学术

Defining the Minimum Security Baseline in a Multiple Security Standards Environment by Graph Theory Techniques

Published:2019-02-17 Issue:4 Volume:9 Page:681
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Olifer Dmitrij,Goranin Nikolaj,Cenys Antanas,Kaceniauskas Arnas,Janulevicius Justinas

Abstract

One of the best ways to protect an organization’s assets is to implement security requirements defined by different standards or best practices. However, such an approach is complicated and requires specific skills and knowledge. In case an organization applies multiple security standards, several problems can arise related to overlapping or conflicting security requirements, increased expenses on security requirement implementation, and convenience of security requirement monitoring. To solve these issues, we propose using graph theory techniques. Graphs allow the presentation of security requirements of a standard as graph vertexes and edges between vertexes, and would show the relations between different requirements. A vertex cover algorithm is proposed for minimum security requirement identification, while graph isomorphism is proposed for comparing existing organization controls against a set of minimum requirements identified in the previous step.

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

http://www.mdpi.com/2076-3417/9/4/681/pdf

Reference64 articles.

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation)http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG

2. PCI DSS: 2016. Payment Card Industry Data Security Standard,2016

3. COBIT 5: A Business Framework for the Governance and Management of Enterprise IT,2018

4. Internal Control–Integrated Framework,2013

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Countermeasures and their taxonomies for risk treatment in cybersecurity: A systematic mapping review;Computers & Security;2023-05

2. Cyber-Physical Power System (CPPS): A Review on Modeling, Simulation, and Analysis With Cyber Security Applications;IEEE Access;2020

3. Attack Graph Implementation and Visualization for Cyber Physical Systems;Processes;2019-12-20

4. Research on automated knowledge base generation methods of information security risk analysis expert systems