首页    期刊浏览 2024年11月24日 星期日
登录注册

文章基本信息

  • 标题:Information Security Risk Management by a Holistic Approach: a Case Study for Vietnamese e-Government
  • 本地全文:下载
  • 作者:Ha LE Viet ; On PHUNG Van ; Hoa NGUYEN Ngoc
  • 期刊名称:International Journal of Computer Science and Network Security
  • 印刷版ISSN:1738-7906
  • 出版年度:2020
  • 卷号:20
  • 期号:6
  • 页码:72-82
  • 出版社:International Journal of Computer Science and Network Security
  • 摘要:Information security risk management is one of the essential tasks currently in ensuring information security. In particular, for e-Government information systems, the assessment and management of security risks through the exploitation of software vulnerabilities, network equipment, etc., allow us to minimize the loss of data and essential information of organizations in e-Government. In this paper, we introduce a holistic approach to assessing information security risks based on both qualitative and quantitative methods for the Vietnamese e-Government. Our model of security risk management is built according to both international standards (ISO 27005-2018, NIST SP800-30r1, SP800-39, SP800-53r4) and Vietnamese standard (TCVN). For the quantitative risk method, we use both CVSS and OWASP scoring standards to quantify information system risks. Besides, the information security risks of the system can also be determined through vulnerability scanners. We also implemented the proposed model in a Web application, called SoC.UET. The experiments we conducted with UET.SoC allowed proving the ability to manage the information security risks holistically for a Ministry or a Province in the Vietnamese e-Government.
  • 关键词:Information Security Risks;Security Risk Assessment;Security Risk Control;Security Risk Management.
国家哲学社会科学文献中心版权所有