Title: A PRACTICAL APPROACH TO ASSESS INFORMATION SYSTEM SECURITY LEVEL BY ANALYZING THE PORT SCAN RECORD
Author(s): Vincent Cheng Siong Lee, Lin Yi Shao
ISBN: 972-8939-03-5
Editors: Pedro Isaías, Piet Kommers and Maggie McPherson
Year: 2005
Edition: Single
Keywords: Information system security, IT security investment, Ports scan, IT security levels measurement.
Type: Full Paper
First Page: 283
Last Page: 290
Language: English
Paper Abstract:

Every firm requires an appropriate amount of information system security investment to prevent the loss of its vulnerable information. Answering the question "How many resources should be invested to protect the right level of information security?" is a complex task that needs to consider the firm's business risk. IT security investment theory suggests a nonlinear relation between IT investment level and three interacting explanatory variables: the individual organization's IT security level, the current IT security environment, and the information asset of the organization. Estimating or measuring the three explanatory variables is subjective and dependent on the IT security classification. Nevertheless, they are crucial for determining the IS security decision threshold. In this paper, a practical method is presented for measuring and analyzing an individual organization's IT security level from a multidimensional practical perspective using data collected from port scan logs.