Journal: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Year: 2020
Volume: 20
Issue: 6
Pages: 72-82
Publisher: International Journal of Computer Science and Network Security
Abstract: Information security risk management is currently one of the essential tasks in ensuring information security. In particular, for e-Government information systems, the assessment and management of security risks arising from the exploitation of software vulnerabilities, network equipment, etc., allow us to minimize the loss of data and essential information of organizations in e-Government. In this paper, we introduce a holistic approach to assessing information security risks based on both qualitative and quantitative methods for the Vietnamese e-Government. Our model of security risk management is built according to both international standards (ISO 27005-2018, NIST SP800-30r1, SP800-39, SP800-53r4) and the Vietnamese standard (TCVN). For the quantitative risk method, we use both the CVSS and OWASP scoring standards to quantify information system risks. In addition, the information security risks of the system can also be determined through vulnerability scanners. We also implemented the proposed model in a Web application, called SoC.UET. The experiments we conducted with UET.SoC allowed us to prove the ability to manage information security risks holistically for a Ministry or a Province in the Vietnamese e-Government.