Quantitative Model in Security Informatics Risk Assessment

This paper shows the importance of approaching in security Risk Assessment (RA) about Quantitative model in Risk Management. The RA has been calculated with qualitative method by different framework, for example: RISK IT FRAMEWORK (COBIT Component) [7], OCTAVE – ALLEGRO [8], MAGERIT V3 [9], FAIR [4]...

Full description

Autores:: Casanova, Andrés

Tipo de recurso:: Article of journal

Fecha de publicación:: 2016

Institución:: Universidad Antonio Nariño

Repositorio:: Repositorio UAN

Idioma:: spa

id	UAntonioN2_2eed93513ac0c4e1a6a6d33915b8eeb7
oai_identifier_str	oai:repositorio.uan.edu.co:123456789/3972
network_acronym_str	UAntonioN2
network_name_str	Repositorio UAN
repository_id_str
spelling	Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)Acceso abiertohttps://creativecommons.org/licenses/by-nc-sa/4.0/info:eu-repo/semantics/openAccesshttp://purl.org/coar/access_right/c_abf2Casanova, Andrés2021-06-16T13:53:19Z2021-06-16T13:53:19Z2016-02-24http://revistas.uan.edu.co/index.php/ingeuan/article/view/414http://repositorio.uan.edu.co/handle/123456789/3972This paper shows the importance of approaching in security Risk Assessment (RA) about Quantitative model in Risk Management. The RA has been calculated with qualitative method by different framework, for example: RISK IT FRAMEWORK (COBIT Component) [7], OCTAVE – ALLEGRO [8], MAGERIT V3 [9], FAIR [4], ISO 27005 [11], NIST800-30 [3]. All frameworks included in the scope the Risk Assessment; however this is more qualitative than quantitative. In this work, we propose a methodology to support the implementation and execution risk management, using quantitative risk assessment method. The methodology is based on three components: secure capture logs (apply networks forensic technical), likelihood risk or log analysis with logistic regression and risk assessment with influence diagrams.El artículo presenta el desarrollo de un proyecto orientado hacia la evaluación de un modelado que permita a los profesionales en seguridad informática, fundamentar la evaluación de riesgos de seguridad sobre bases de estimación cuantitativas, soportándose para ello en herramientas tales como: Regresión logística, Diagramas de Influencia y Network Forensic, que permitan capturar datos de volúmenes de transacciones (archivos tipo LOG), garantizando su integridad y seguridad de dicha información, con el fin de  llegar a cálculos de probabilidad numérica, sobre escenarios de riesgo detectados en los logs transaccionales y en las trazas que dejan los registros en un IDS SNORT.application/pdfspaUniversidad Antonio Nariñohttp://revistas.uan.edu.co/index.php/ingeuan/article/view/414/3492346-14462145-0935INGE@UAN - TENDENCIAS EN LA INGENIERÍA; Vol. 6 Núm. 11 (2015)Risk AssessmentInformation securitylogistic regression statistics modelinfluence diagramsIDSNetwork forensicAnálisis Forense LogsSeguridad informáticaEvaluación de riesgosRegresión logísticaDiagramas de influenciasQuantitative Model in Security Informatics Risk AssessmentModelo de Evaluación Cuantitativa de Riesgos en Seguridad Informáticainfo:eu-repo/semantics/publishedVersionhttp://purl.org/coar/resource_type/c_6501http://purl.org/coar/resource_type/c_2df8fbb1info:eu-repo/semantics/articlehttp://purl.org/coar/version/c_970fb48d4fbd8a85123456789/3972oai:repositorio.uan.edu.co:123456789/39722024-10-09 22:43:50.336https://creativecommons.org/licenses/by-nc-sa/4.0/Acceso abiertometadata.onlyhttps://repositorio.uan.edu.coRepositorio Institucional UANalertas.repositorio@uan.edu.co
dc.title.en-US.fl_str_mv	Quantitative Model in Security Informatics Risk Assessment
dc.title.es-ES.fl_str_mv	Modelo de Evaluación Cuantitativa de Riesgos en Seguridad Informática
title	Quantitative Model in Security Informatics Risk Assessment
spellingShingle	Quantitative Model in Security Informatics Risk Assessment Risk Assessment Information security logistic regression statistics model influence diagrams IDS Network forensic Análisis Forense Logs Seguridad informática Evaluación de riesgos Regresión logística Diagramas de influencias
title_short	Quantitative Model in Security Informatics Risk Assessment
title_full	Quantitative Model in Security Informatics Risk Assessment
title_fullStr	Quantitative Model in Security Informatics Risk Assessment
title_full_unstemmed	Quantitative Model in Security Informatics Risk Assessment
title_sort	Quantitative Model in Security Informatics Risk Assessment
dc.creator.fl_str_mv	Casanova, Andrés
dc.contributor.author.spa.fl_str_mv	Casanova, Andrés
dc.subject.en-US.fl_str_mv	Risk Assessment Information security logistic regression statistics model influence diagrams IDS Network forensic
topic	Risk Assessment Information security logistic regression statistics model influence diagrams IDS Network forensic Análisis Forense Logs Seguridad informática Evaluación de riesgos Regresión logística Diagramas de influencias
dc.subject.es-ES.fl_str_mv	Análisis Forense Logs Seguridad informática Evaluación de riesgos Regresión logística Diagramas de influencias
description	This paper shows the importance of approaching in security Risk Assessment (RA) about Quantitative model in Risk Management. The RA has been calculated with qualitative method by different framework, for example: RISK IT FRAMEWORK (COBIT Component) [7], OCTAVE – ALLEGRO [8], MAGERIT V3 [9], FAIR [4], ISO 27005 [11], NIST800-30 [3]. All frameworks included in the scope the Risk Assessment; however this is more qualitative than quantitative. In this work, we propose a methodology to support the implementation and execution risk management, using quantitative risk assessment method. The methodology is based on three components: secure capture logs (apply networks forensic technical), likelihood risk or log analysis with logistic regression and risk assessment with influence diagrams.
publishDate	2016
dc.date.issued.spa.fl_str_mv	2016-02-24
dc.date.accessioned.none.fl_str_mv	2021-06-16T13:53:19Z
dc.date.available.none.fl_str_mv	2021-06-16T13:53:19Z
dc.type.coar.fl_str_mv	http://purl.org/coar/resource_type/c_2df8fbb1
dc.type.version.spa.fl_str_mv	info:eu-repo/semantics/publishedVersion
dc.type.coar.spa.fl_str_mv	http://purl.org/coar/resource_type/c_6501
dc.type.driver.spa.fl_str_mv	info:eu-repo/semantics/article
dc.type.coarversion.none.fl_str_mv	http://purl.org/coar/version/c_970fb48d4fbd8a85
format	http://purl.org/coar/resource_type/c_6501
status_str	publishedVersion
dc.identifier.none.fl_str_mv	http://revistas.uan.edu.co/index.php/ingeuan/article/view/414
dc.identifier.uri.none.fl_str_mv	http://repositorio.uan.edu.co/handle/123456789/3972
url	http://revistas.uan.edu.co/index.php/ingeuan/article/view/414 http://repositorio.uan.edu.co/handle/123456789/3972
dc.language.iso.spa.fl_str_mv	spa
language	spa
dc.relation.none.fl_str_mv	http://revistas.uan.edu.co/index.php/ingeuan/article/view/414/349
dc.rights.none.fl_str_mv	Acceso abierto
dc.rights.license.spa.fl_str_mv	Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
dc.rights.uri.spa.fl_str_mv	https://creativecommons.org/licenses/by-nc-sa/4.0/
dc.rights.accessrights.spa.fl_str_mv	info:eu-repo/semantics/openAccess
dc.rights.coar.spa.fl_str_mv	http://purl.org/coar/access_right/c_abf2
rights_invalid_str_mv	Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) Acceso abierto https://creativecommons.org/licenses/by-nc-sa/4.0/ http://purl.org/coar/access_right/c_abf2
eu_rights_str_mv	openAccess
dc.format.none.fl_str_mv	application/pdf
dc.publisher.spa.fl_str_mv	Universidad Antonio Nariño
dc.source.none.fl_str_mv	2346-1446 2145-0935
dc.source.es-ES.fl_str_mv	INGE@UAN - TENDENCIAS EN LA INGENIERÍA; Vol. 6 Núm. 11 (2015)
institution	Universidad Antonio Nariño
repository.name.fl_str_mv	Repositorio Institucional UAN
repository.mail.fl_str_mv	alertas.repositorio@uan.edu.co
_version_	1812928311742955520

Quantitative Model in Security Informatics Risk Assessment

Publicaciones similares