NDLI: Information security metric integrating enterprise objectives

Content Provider	IEEE Xplore Digital Library
Author	Karabey, B. Baykal, N.
Copyright Year	2009
Description	Author affiliation: Informatics Institute, Middle East Technical University, Ankara, Turkey (Karabey, B.; Baykal, N.)
Abstract	Security is one of the key concerns in the domain of information technology systems. Maintaining the confidentiality, integrity and availability of such systems, mandates a rigorous prior analysis of the security risks that confront these systems. In order to analyze, mitigate and recover from these risks a metrics based approach is essential in prioritizing the response strategies against these risks. In addition to that the enterprise objectives must be focally integrated in the definition, impact calculation and prioritization phases of this analysis to come up with metrics that are useful both for the technical and managerial communities within an organization. Also the inclusion of enterprise objectives in the identification of information assets will act as a preliminary filter to overcome the real life scalability issues inherent with such threat modeling efforts. Within this study an attack tree based approach will be utilized to offer an information security risk metric that integrates the enterprise objectives with the information asset vulnerabilities within an organization. In the essential step of enterprise resource identification, the resource-based view of a company will be utilized.
Starting Page	144
Ending Page	148
File Size	627473
Page Count	5
File Format	PDF
ISBN	9781424441693
DOI	10.1109/CCST.2009.5335549
Language	English
Publisher	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher Date	2009-10-05
Publisher Place	Switzerland
Access Restriction	Subscribed
Rights Holder	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subject Keyword	Information security Information technology Risk analysis Risk management Availability Information filtering Information filters Scalability Companies Information management resource based view risk metrics attack trees enterprise objectives
Content Type	Text
Resource Type	Article

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in