1. bookVolume 24 (2012): Issue 1 (December 2012)
Journal Details
License
Format
Journal
eISSN
2083-4608
ISSN
1895-8281
First Published
26 Feb 2008
Publication timeframe
4 times per year
Languages
English
access type Open Access

The Use of the Evaluation Method of Software System Architecture to Assess the Impacts on Information Security in Information and Communication Technology Systems / WYKORZYSTANIE METODY OCENY ARCHITEKTURY SYSTEMU INFORMATYCZNEGO DO OCENY SKUTKÓW INCYDENTÓW NA BEZPIECZEŃSTWO INFORMACJI W SYSTEMACH TELEINFORMATYCZNYCH

Published Online: 15 Nov 2013
Volume & Issue: Volume 24 (2012) - Issue 1 (December 2012)
Page range: 59 - 70
Journal Details
License
Format
Journal
eISSN
2083-4608
ISSN
1895-8281
First Published
26 Feb 2008
Publication timeframe
4 times per year
Languages
English
Abstract

In a paper an application of the architecture evaluation method used for prediction the effects of incidents for information security which is inside of Information and Communication Technology (ICT) system is described. As a base, the ATAM method is taken. During the analysis there is shown, that direct use of the ATAM technique is impossible, because it use only one set of data. Use just one view of ICT system is not adequate for measure the influence of incident on information security, which is inside ICT system. A tool which is useful for assessment effects of incidents, is an incidence matrix that presents logical connections between elements of ICT system. Knowledge of logical connections and structures of the messages being exchanged enables an assessment of operation the elements which receive modified messages.

Keywords

Słowa kluczowe

[1] Aven T., Foundation of risk analysis. A Knowledge and Decision - OrientedPerspective, John Wiley & Sons Ltd, Chichester, West Sussex 2003, England.Search in Google Scholar

[2] Bass L., Clements P., Kazman R., Software architecture, Second edition, Helion Publishing, Gliwice 2011, (polish translation).Search in Google Scholar

[3] Białas A., Bezpieczeństwo informacji i usług we współczesnej firmie, WNT, Warszawa 2006. (in polish)Search in Google Scholar

[4] Jóźwiak I.J, Szleszyński A., The specification requirements for informationsecurity collected and proceeded in the server's operation system, Pomiary, Automatyka, Kontrola, PAK Publishing, Warszawa 2011, pp.1075-1078. (in polish).Search in Google Scholar

[5] Jóźwiak I.J, Szleszyński A., Use of the Utility Tree Technique in Process ofThreats Analysis for Information Security in Information and CommunicationSystems, Journal of KONBiN No 2,3(14,15)2010, Warszawa 2010, pp. 297-306.10.2478/v10040-008-0186-4Search in Google Scholar

[6] Kazman R., Klein M., Clements P., ATAM: Method for Architecture Evaluation,Technical report, CMU/SEI-2000-TR004,ESC-TR-2000-004, Carnegie Mellon Software Engineering Institute, Pitsburgh, PA 15213-3850.10.21236/ADA382629Search in Google Scholar

[7] Kuchta D., Szleszyński A., Witkowski M., Metodyka opracowania scenariuszyprzebiegu incydentów w bezpieczeństwie systemu, wykorzystywanych wzarządzaniu bezpieczeństwem informacji w wojskowych systemachteleinformatycznych, Praca naukowo - badawcza, WSOWL, Wrocław 2012. (in polish)Search in Google Scholar

[8] Larman C., UML i wzorce projektowe. Analiza i projektowanie obiektowe oraziteracyjny model wytwarzania aplikacji. Wydanie trzecie, Helion, Gliwice 2011.Search in Google Scholar

[9] Polish Standard PN ISO/IEC 17799:2007 Information Technology. Securitytechniques. The practical guide for information security management, PKN, Warszawa 2007(in polish).Search in Google Scholar

[10] Polska norma PN-I-13335-1. Technika informatyczna. Wytyczne do zarządzaniabezpieczeństwem systemów informatycznych. Pojęcia i modele bezpieczeństwasystemów informatycznych, PKN, Warszawa 1999.Search in Google Scholar

[11] Liderman K., Risk analysis and protection of information in computer systems, PWN, Warszawa 2008. (in polish).Search in Google Scholar

[12] Wilson R. J., Introduction to Graph Theory. Fourth Edition, Pearson Education Limited, Essex 1996.Search in Google Scholar

[13] Wolaniuk L., Szleszyński A., Metodyka szacowania ryzyka bezpieczeństwainformacji wojskowego polowego systemu teleinformatycznego. Etap I:Wykorzystanie drzewa użyteczności do analizy ryzyka dla bezpieczeństwainformacji w wojskowym polowym systemie teleinformatycznym, WSOWL, Wrocław 2010. (in polish). Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo