سال انتشار: ۱۳۹۰

محل انتشار: پنجمین کنفرانس بین المللی پیشرفتهای علوم و تکنولوژی

تعداد صفحات: ۱۱

نویسنده(ها):

Esmat Ali Mohammad Malayeri – Islamic Azad- NorthTehran Branch, Tehran Iran
Nasser Modiri –
Sam Jabbehdari –

چکیده:

Organizations are always facing different threats related to their informational possessions; however, they are extremely dependent to these possessions. Most informational systems are not basically safe and technical solutions are only a small part of the community solutions of comprehensive informational security, so Informational gathering is a necessary task and all organizations should recognize and know the threatening areas which potentially threaten them to do so.These threatening areas are determined via systematic analysis and security risks evaluation. And by recognizing the risks areas, suitable controls will be chosen in order to reduce the identified risks effects.So far, different methods and standards have been introduced to assess security, but none of them presents a systematic framework and method for assessing security and security risk optimum reduction.In this article a framework is presented to evaluate shortcomings, holes and security risks along with an algorithm for optimum choice of risks reduction controls.In the proposed framework standards and methods such as ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation, ISO/IEC 17799, ISO/IEC 27002 security standards, Microsoft threatening model process and Use Case Function Point are used