Quantitative Model in Security Informatics Risk Assessment
This paper shows the importance of approaching in security Risk Assessment (RA) about Quantitative model in Risk Management. The RA has been calculated with qualitative method by different framework, for example: RISK IT FRAMEWORK (COBIT Component) [7], OCTAVE – ALLEGRO [8], MAGERIT V3 [9], FAIR [4]...
Guardado en:
| Autor principal: | |
|---|---|
| Formato: | info:eu-repo/semantics/article |
| Lenguaje: | spa |
| Publicado: |
UNIVERSIDAD ANTONIO NARIÑO
2016
|
| Materias: | |
| Acceso en línea: | https://revistas.uan.edu.co/index.php/ingeuan/article/view/414 https://repositorio.uan.edu.co/handle/123456789/10477 |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| _version_ | 1813305975547887616 |
|---|---|
| author | Casanova, Andrés |
| author_facet | Casanova, Andrés |
| author_sort | Casanova, Andrés |
| collection | DSpace |
| description | This paper shows the importance of approaching in security Risk Assessment (RA) about Quantitative model in Risk Management. The RA has been calculated with qualitative method by different framework, for example: RISK IT FRAMEWORK (COBIT Component) [7], OCTAVE – ALLEGRO [8], MAGERIT V3 [9], FAIR [4], ISO 27005 [11], NIST800-30 [3]. All frameworks included in the scope the Risk Assessment; however this is more qualitative than quantitative. In this work, we propose a methodology to support the implementation and execution risk management, using quantitative risk assessment method. The methodology is based on three components: secure capture logs (apply networks forensic technical), likelihood risk or log analysis with logistic regression and risk assessment with influence diagrams. |
| format | info:eu-repo/semantics/article |
| id | repositorio.uan.edu.co-123456789-10477 |
| institution | Repositorio Digital UAN |
| language | spa |
| publishDate | 2016 |
| publisher | UNIVERSIDAD ANTONIO NARIÑO |
| record_format | dspace |
| spelling | repositorio.uan.edu.co-123456789-104772024-10-14T03:48:15Z Quantitative Model in Security Informatics Risk Assessment Modelo de Evaluación Cuantitativa de Riesgos en Seguridad Informática Casanova, Andrés Análisis Forense Logs Seguridad informática Evaluación de riesgos Regresión logística Diagramas de influencias Risk Assessment Information security logistic regression statistics model influence diagrams IDS Network forensic This paper shows the importance of approaching in security Risk Assessment (RA) about Quantitative model in Risk Management. The RA has been calculated with qualitative method by different framework, for example: RISK IT FRAMEWORK (COBIT Component) [7], OCTAVE – ALLEGRO [8], MAGERIT V3 [9], FAIR [4], ISO 27005 [11], NIST800-30 [3]. All frameworks included in the scope the Risk Assessment; however this is more qualitative than quantitative. In this work, we propose a methodology to support the implementation and execution risk management, using quantitative risk assessment method. The methodology is based on three components: secure capture logs (apply networks forensic technical), likelihood risk or log analysis with logistic regression and risk assessment with influence diagrams. El artículo presenta el desarrollo de un proyecto orientado hacia la evaluación de un modelado que permita a los profesionales en seguridad informática, fundamentar la evaluación de riesgos de seguridad sobre bases de estimación cuantitativas, soportándose para ello en herramientas tales como: Regresión logística, Diagramas de Influencia y Network Forensic, que permitan capturar datos de volúmenes de transacciones (archivos tipo LOG), garantizando su integridad y seguridad de dicha información, con el fin de llegar a cálculos de probabilidad numérica, sobre escenarios de riesgo detectados en los logs transaccionales y en las trazas que dejan los registros en un IDS SNORT. 2016-02-24 2024-10-10T02:25:41Z 2024-10-10T02:25:41Z info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion http://purl.org/coar/resource_type/c_6501 http://purl.org/coar/version/c_970fb48d4fbd8a85 https://revistas.uan.edu.co/index.php/ingeuan/article/view/414 https://repositorio.uan.edu.co/handle/123456789/10477 spa https://revistas.uan.edu.co/index.php/ingeuan/article/view/414/349 https://creativecommons.org/licenses/by-nc-sa/4.0 http://purl.org/coar/access_right/c_abf2 application/pdf UNIVERSIDAD ANTONIO NARIÑO INGE@UAN - TENDENCIAS EN LA INGENIERÍA; Vol. 6 Núm. 11 (2015) 2346-1446 2145-0935 |
| spellingShingle | Análisis Forense Logs Seguridad informática Evaluación de riesgos Regresión logística Diagramas de influencias Risk Assessment Information security logistic regression statistics model influence diagrams IDS Network forensic Casanova, Andrés Quantitative Model in Security Informatics Risk Assessment |
| title | Quantitative Model in Security Informatics Risk Assessment |
| title_full | Quantitative Model in Security Informatics Risk Assessment |
| title_fullStr | Quantitative Model in Security Informatics Risk Assessment |
| title_full_unstemmed | Quantitative Model in Security Informatics Risk Assessment |
| title_short | Quantitative Model in Security Informatics Risk Assessment |
| title_sort | quantitative model in security informatics risk assessment |
| topic | Análisis Forense Logs Seguridad informática Evaluación de riesgos Regresión logística Diagramas de influencias Risk Assessment Information security logistic regression statistics model influence diagrams IDS Network forensic |
| url | https://revistas.uan.edu.co/index.php/ingeuan/article/view/414 https://repositorio.uan.edu.co/handle/123456789/10477 |
| work_keys_str_mv | AT casanovaandres quantitativemodelinsecurityinformaticsriskassessment AT casanovaandres modelodeevaluacioncuantitativaderiesgosenseguridadinformatica |
