Journal: Journal of Software Engineering and Applications
Print ISSN: 1945-3116
Electronic ISSN: 1945-3124
Publication year: 2016
Volume: 09
Issue: 12
Pages: 601-623
DOI: 10.4236/jsea.2016.912041
Language: English
Publisher: Scientific Research Publishing
Abstract: The integration of an organisation’s information security policy into threat modeling enhances the effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and the organisation’s commitment for seamless integration with knowledge-based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loopholes. The lack of rule-based approaches for discovering potential threats in an organisation’s context poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using a rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment to protecting their critical assets. The R scripting language for data visualization and Java-based scripts were used to develop a prototype to run on web protocol. The MySQL database management system was used as the back-end for data storage during threat analytic processes.