Topic:

The Challenges Facing Proper Implementation of Information Assurance Assessment and Evaluations in Enterprises (Annotated Bibliography Sample)

Instructions:

Annotated bibliography on the Challenges Facing Proper Implementation of Information Assurance Assessment and Evaluations in Enterprises

Content:

The Challenges Facing Proper Implementation of Information Assurance Assessment and Evaluations in Enterprises
Beres, Y. (2009). Using security metrics coupled with predictive modelling and simulation to assess security processes. In Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement (pp. 564-573). IEEE Computer Society.
The authors discuss the challenges that decision-makers and security practitioners face when deciding on the level of security protection their information systems need. Practitioners are usually concerned about the level of protection because of their high investments in their businesses. They find it hard to protect information in environments where threats, regulation, and security protection policies keep changing. The authors propose measures that can be adopted to increase the level of information security in information assessment systems. They emphasize the need to implement process-based metrics instead of the symptomatic lagging indicators that are common in many organizations. They show how process-based metrics can be combined with predictive, executable models based on sound mathematical formulas. They argue that it is important to test information protection systems by subjecting them to vulnerable situations to see how they would perform in case of future attacks. The authors present two case studies, which focus on the areas of identity and access management and vulnerability threats, to show how simulation-based models can be used to strengthen information systems. They explore potential threat situations and come up with effective solutions for how the threats can be redressed. They defend their approach to information protection because it enables organizations to apply the security metrics that are more favourable to their organizations.
Jansen, W. (2010). Directions in security metrics research. DIANE Publishing.
The author presents a comprehensive analysis of the effectiveness of security metrics in protecting information systems. He criticizes the fact that there is a lot of literature on the use of security metrics but little on whether security metrics are actually successful in implementation. He emphasizes the importance of information security metrics when making critical decisions about various security aspects, including the efficiency of security operations and the design of security architecture. The book strives to offer an objective and quantitative basis for security assurance. It classifies the importance of security metrics into three broad categories: tactical oversight, quality assurance, and strategic support. Strategic support involves assessing different security features that aid processes such as service and product selection, resource allocation, and program planning. According to the author, the quality assurance function comes into play because security metrics can be used in the software development lifecycle to get rid of vulnerabilities. The author emphasizes the importance of security metrics in tracking potential security flaws and vulnerabilities and in measuring adherence to coding standards. The tactical oversight role covers reporting on and monitoring the level of compliance that an IT system has with security requirements.
Ryan, J., et al. (2012). Quantifying information security risks using elicitation. Computers & Operations Research, 39(4), 774-784.
The paper begins by explaining the difficulties faced in the information security industry whe...