Universiti Teknologi Malaysia Institutional Repository

Development of metamodel for information security risk management

Mohammed Ba Muqabel, Mohammed Salem (2013) Development of metamodel for information security risk management. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computing.

Official URL: http://dms.library.utm.my:8080/vital/access/manage...

Abstract

Nowadays, information technology and information systems are widely used in many fields, such as business, education, marketing, transportation, medicine and many others. In the field of information technology and systems, security plays a vital role and has thus become a challenging issue. Security should therefore be in place and resistant to a wide range of potential attacks. In Information Security and Information Technology, it is important to decide what countermeasures to take against whatever could potentially harm the organization and keep it from achieving its business objectives. Reducing risk to an acceptable level is among the main targets of the risk management process. On the other hand, the main reason for failure in Information Security Risk Management (ISRM) is the complexity and inflexibility of the existing models. Domain modellers usually spend a lot of time understanding the nature of the domain they want to model. Even though many ISRM models exist, it is hard to find a suitable model that gives ISRM users straightforward guidance based on their own problems. To solve this issue, this project follows seven steps to create a generic metamodel that can describe the semantics of ISRM models and their solutions through one unified model. The ISRM metamodel is then validated by three validation techniques: Frequency-based Selection, Face Validity and Tracing. Through the metamodel, various risk management problems faced by different levels of ISRM users can be solved based on the problem attributes, such as risk determination specific to a firewall vulnerability problem, or risk assessment for information security project management. This can directly help many users and newcomers to this domain to easily understand the concepts required for their own information security risk problem.

Item Type: Thesis (Masters)
Additional Information: Thesis (Sarjana Sains Komputer (Pengawalan Maklumat)) - Universiti Teknologi Malaysia, 2013; Supervisor: Dr. Siti Hajar Othman
Uncontrolled Keywords: computer security, data protection, information technology, security measures
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computing
ID Code: 37027
Deposited By: Fazli Masari
Deposited On: 09 Mar 2014 08:20
Last Modified: 17 Jul 2017 04:30