PDF Ebook Intelligent System for Information Security Management: Architecture and Design Issues

Submitted by antoq on Sat, 05/02/2009 - 08:47

The limitations of each security technology combined with the growth of cyber attacks impact the efficiency of information security management and increase the activities to be performed by network administrators and security staff. Therefore, there is a need for the increase of automated auditing and intelligent reporting mechanisms for the cyber trust. Intelligent systems are emerging computing systems based on intelligent techniques that support continuous monitoring and controlling plant activities. Intelligence improves an individual’s ability to make better decisions. This paper presents a proposed architecture of an Intelligent System for Information Security Management (ISISM).

The objective of this system is to improve security management processes such as monitoring, controlling, and decision making with an effect size that is higher than an expert in security by providing mechanisms to enhance the active construction of knowledge about threats, policies, procedures, and risks. We focus on requirements and design issues for the basic components of the intelligent system.

The exponential growth of the Internet, the convergence of Internet and wireless multimedia applications and services pose new security challenges (Miller, 2001). Security is a complex system (Volonino, 2004) and must be considered at all points and for each user. Organizations need a systematic approach for information security management that addresses security consistently at every level. They need systems that support optimal allocation of limited security resources on the basis of predicted risk rather than perceived vulnerabilities. However, the security infrastructure of most organizations came about through necessity rather than planning, a reactive-based approach such as detection of vulnerabilities and applying software updates (Cardoso & Freire, 2005) as opposed to a proactive approach (Gordon, Loeb & Lucyshyn, 2003). On the other hand, cyber security plans call for more specific requirements for computer and network security as well as emphasis on the availability of commercial automated auditing and reporting mechanisms and promotion of products for security assessments and threat management (Chan & Perrig, 2003; Hwang, Tzeng & Tsai, 2003; Leighton, 2004).

Besides technical security controls (firewalls, passwords, intrusion detection, disaster recovery plans, etc.), security of an organization includes other issues that are typically process and people issues such as policies, training, habits, awareness, procedures, and a variety of other less technical and non-technical issues (Heimerl & Voight, 2005). Security education and awareness has been lagging behind the rapid and widespread use of the new digital infrastructure (Tassabehji, 2005). All these factors make security a process which is based on interdisciplinary techniques (Maiwald, 2004; Mena, 2004). The existing challenges of information security management combined with the lack of scientific understanding of organizations’ behaviors call for better computational systems that support effectiveness of using specific information technologies and new approaches based on intelligent techniques and security informatics as means for coordination and information sharing. Intelligent systems emerged as new software systems to support complex applications. In this paper, we propose the architecture for an Intelligent System for Information Security Management (ISISM) which supports the security processes and infrastructure within an organization. Among these components, intelligent systems include intelligent agents that exhibit a high level of autonomy and function successfully in situations with a high level of uncertainty. The system supports knowledge acquisition that is likely to assist the human user, particularly at deeper levels of comprehension and problem solving for the information security assurance domain.
