Journal Details
Format: Journal
eISSN: 2083-4608
ISSN: 1895-8281
First Published: 26 Feb 2008
Publication timeframe: 4 times per year
Languages: English
Access type: Open Access

Use of the Utility Tree Technique in Process of Treats Analysis for Information Security in Information and Communication Systems

Published Online: 04 Aug 2010
Volume & Issue: Volume 14-15 (2010) - Issue 2010 (December 2010)
Page range: 289 - 298

This paper describes the utility tree technique, which can be used in the process of risk analysis for information security in information and communication systems. The technique uses the connections between the vulnerabilities of a system's element, the frequency of incidence of an event (which exploits the vulnerability) and the importance of such events for information security. It also describes and evaluates the influence of an event on the information and communication system. The technique uses a qualitative risk assessment, which makes it simple to use.
