Wednesday, June 10, 2020

The Challenges Facing Proper Implementation - 1100 Words

The Challenges Facing Proper Implementation of Information Assurance Assessment and Evaluations in Enterprises (Annotated Bibliography Sample) Content: The Challenges Facing Proper Implementation of Information Assurance Assessment and Evaluations in EnterprisesNameInstitutionThe Challenges Facing Proper Implementation of Information Assurance Assessment and Evaluations in EnterprisesBeres, Y. (2009). Using security metrics coupled with predictive modelling and simulation to assess security processes. In Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement (564-573). IEEE Computer Society.The authors discuss the various challenges faced by decision-makers and security practitioners when deciding about the level of security protection needed for their information systems. Practitioners are usually concerned about the level of protection due to their high investments in their businesses. They find it hard to protect information in environments where the threats, regulation, and security protection policies keep changing. The authors propose the measures that can be adopt ed to increase the level of information security in information assessment systems. They emphasize the need to implement process-based metrics instead of the symptomatic lagging indicators that are common in many organizations. They show how the process-based metrics can be combined with predictive, executable models based on sound mathematical formulas. They argue that it is important to test information protection systems by subjecting them to vulnerable situations to see how they can perform in case of future attacks. The authors present two case-studies which focus on the areas of identity and access management, and vulnerably threats to show how simulation-based models can be used to strengthen information systems. They explore potential threat situations and come up with effective solutions on how the threats can be redressed. They defend their approach to information protection because it enables organizations to apply the security metrics that are more favourable to their or ganizations. Jansen, W. (2010). Directions in security metrics research. DIANE Publishing.The authors present a comprehensive analysis of the effectiveness of security metrics in protecting information systems. They criticize the fact that there is a lot of literature on the use of security metrics but there is little literature on whether security metrics are actually successful in implementation. They emphasize the importance of information security metrics when making critical decisions about the various security aspects including the efficiency of security operations and the design of security architecture. In their book, they strive to offer an objective and quantitative basis for security assurance. They classify the importance of security metrics into three broad categories: tactical oversight; quality assurance, and strategic support. Strategic support involves assessing different security feature that aid processes such as service and product selection, resource allocation, and program planning. According to the author, the function of quality assurances comes into play as security metrics can be used in the software development lifecycle to get rid of vulnerabilities. The author emphasizes the importance of security metrics in tracking potential security flaws and vulnerabilities and measurement of adherences to coding standards. The tactical oversight role is for reporting and monitoring of the level of compliance that an IT system has with security requirements. Ryan, J et al. (2012). Quantifying information security risks using elicitation. Computers Operations Research, 39(4), 774-784.The paper begins by explaining the difficulties faced in the information security industry when determining the qualitative level of vulnerabilities and risks that an enterprise faces. The authors argue that effective understanding of information protection models is needed to offer the sufficient level of security needed for each business enterprise. They stipulat e that there is no universally applicable information protection system, and that the level of information protection needed for each system should be determined on a case to case basis. They emphasize that quantitative approaches to risk management are better than qualitative approaches. They mourn the fact that sufficient quantitative data has not been collected and analyzed scientifically. Traditional quantitative methods such as observations, surveys, and experiments should not be used to determine the effectiveness of an information security system because they contain significant loopholes. They call for the need for judgement analysis specialists and security specialists to professionally explore the most efficient parameters for protection against threats and vulnerabilities. Savola, R. (2009). A Security Metrics Taxonomization Model for Software Intensive Systems. JIPS, 5(4), 197-206.The author calls for new high-level metrics to develop software intensive security metrics. They propose a model which organizes and systematizes security metrics formulation activities. Their study focuses on the security performance and security level of technical information systems while taking into consideration different management goals and the alignments of security metrics with diverse business objectives. They place emphasis on business and project management, secure system life cycle and the general security of information systems. They state that risk-based security metrics should be prioritized when determining the effectiveness of system security protection. They point out that the information security protection industry is plagued by challenges such as the connectivity and complexity of software-intensive systems. They argue that vulnerabilities and threats can be avoided by using predictable models to determine the security and cost-effectiveness of software systems during the development cycle. The main objective of their study is to introduce on objecti ve model for information protection based on adequate analysis of IT systems. The paper analyzes the role of different fundamental measurement objectives on specific areas of information security systems. The author argues that it is essential to predict the effectiveness of security metrics by simulating risk-driven information threats. They divide security metrics into organizational, operational, and technical categories. Stoll, M., Breu, R. (2013). Information security measurement roles and responsibilities. In Emerging Trends in Computing, Informatics, Systems Sciences, and Engineering (11-23). Spr...

No comments:

Post a Comment