مشخصات مقاله:
عنوان فارسی مقاله:
بهبود تحلیل ریسک امنیتی اطلاعات از جمله مدلهای پیش بینی کننده وقوع تهدید
عنوان انگلیسی مقاله:
Improving information security risk analysis by including threat-occurrence predictive models
کلمات کلیدی مقاله:
امنیت اطلاعات، تحلیل ریسک، رگرسیون SVM، رگرسیون لجستیک، مدل های پیش بینی کننده، مگریت، مقصر
کلمات کلیدی انگلیسی:
Information security – Risk analysis – SVM regression – Logistic regression – Predictive models – Magerit – Secitor
مناسب برای رشته های دانشگاهی زیر:
مهندسی کامپیوتر
مناسب برای گرایش های دانشگاهی زیر:
امنیت اطلاعات
وضعیت مقاله انگلیسی و ترجمه:
مقاله انگلیسی را میتوانید به صورت رایگان با فرمت PDF با کلیک بر روی دکمه آبی، دانلود نمایید. برای ثبت سفارش ترجمه نیز روی دکلمه قرمز رنگ کلیک نمایید. سفارش ترجمه نیازمند زمان بوده و ترجمه این مقاله آماده نمیباشد و پس از اتمام ترجمه، فایل ورد تایپ شده قابل دانلود خواهد بود.
فهرست مطالب:
Abstract
Keywords
1. Introduction
2. Related works
3. Proposed information security risk analysis model
3.1. Magerit computational model
3.2. Proposed computational model
4. Results
4.1. Case description
4.2. Obtaining threat models
4.2.1. Logistic regression
4.2.2. SVM regression
4.3. Validating threat models
4.3.1. Logistic regression validation
4.3.2. SVM regression validation
4.4. Probabilities and frequency computing
4.5. Discussion
5. Conclusions
Declaration of Competing Interest
Acknowledgment
References
قسمتی از مقاله انگلیسی:
1. Introduction
The information and communication technologies (ICTs) are essential resources for our society nowadays, and, with vast amounts of data saved or sent through the Internet daily, protection becomes a priority. This issue concerns all kinds of organizations, including the home and work environments, where information is crucial to the proper development of business activities. Files with confidential information, and the media where they are stored or through which they are sent are critical points for the safeguarding of assets. Different information security risk analysis methodologies have been developed to study and evaluate the security measures used to protect data and how different events could affect information assurance (Fredriksen et al., 2002; Peltier, 2010; Shameli-Sendi et al., 2016; Suh and Han, 2003; Yazar, 2002). Traditional methodologies base their risk calculations on historical data, using threatoccurrence frequency as one of the input parameters. However, as new safeguards are implemented and the vulnerability potential changes, previously frequent threats may cease to be so. Hence, an interesting approach would be to explore the use of predictive algorithms to estimate threats’ frequency (and, hence, risk levels), i.e., to focus on what could happen in the future rather than review what has happened in the past. The main goal of this work is to include a threat-occurrence predictive module in the risk analysis process that takes into account the current state of the system- in particular, the current state of vulnerabilities affecting the system- in order to improve risk computation, and so identify the most critical risks. The aim is to develop better and more efficient safeguards that can reduce losses to businesses by improving information security, once the most risky assets are identified.