|
== A Reference Model of Information Assurance and Security (RMIAS) == The RMIAS.〔Cherdantseva, Y.; Hilton, J., "A Reference Model of Information Assurance & Security," Availability, Reliability and Security (ARES), 2013 Eighth International Conference on , pp.546-555, 2-6 Sept. 2013 doi: 10.1109/ARES.2013.72〕 is a comprehensive overview of the Information Assurance and Security domain. The RMIAS promotes a comprehensive approach to Information Assurance and Security. It is independent of technology and may be applied by an organisation of any size in any domain. The RMIAS has been developed on the basis of the extensive analysis of the Information Security (InfoSec) and Information Assurance (IA) literature,〔Cherdantseva Y. and Hilton J. "Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals,” F. Almeida, and I. Portela (eds.), Organizational, Legal, and Technological Dimensions of IS Administrator. IGI Global Publishing. September, 2013.〕 survey of InfoSec and IA practitioners〔Cherdantseva Y. and Hilton J. "The 2011 Survey of Information Security and Information Assurance Professionals: Findings,” F. Almeida, and I. Portela (eds.), Organizational, Legal, and Technological Dimensions of IS Administrator. IGI Global Publishing. September, 2013.〕 and a systematic analysis of the existing models of InfoSec and IA. The RMIAS is a synthesis of the existing knowledge of the IAS domain. Some of the models of InfoSec and IA that lay in the foundation of the RMIAS are the CIA-triad, McCumber's Cube and Maconachy et al. Model of IA. The RMIAS has implications for education, research and practice. The RMIAS may be used for the development of Information Security Policy Document, its structuring and omissions identification.〔 The RMIAS may be used for structuring InfoSec thinking in an organisation. It provides a framework for cataloguing the existing research in the domain. The RMIAS enables newcomers to the IAS domain to get faster appreciation of the complexity and diverse nature of the domain. The RMIAS encompasses four dimensions: Security Development Life Cycle; Information Taxonomy, Security Goals and Security Countermeasures Dimensions.〔 The interconnections between the dimensions are illustrated with arrows. The RMIAS embraces as one of its dimensions the IAS-octave - a set of eight security goals including Confidentiality, Integrity, Availability, Accountability, Non-repudiation, Auditability, Authenticity & Trustworthiness and Privacy. The IAS-octave replaces the CIA-triad as a comprehensive set of security goals.〔Salnitri, M., Dalpiaz F., and Giorgini P.. "Modeling and verifying security policies in business processes." Enterprise, Business-Process and Information Systems Modeling. Springer Berlin Heidelberg, 2014. 200-214.〕 The IAS-octave was developed based on the extensive analysis of IAS and system engineering literature, and evaluated via interviews with IAS experts. The RMIAS was adopted as basis for a security extension for BPMN.〔Salnitri, Mattia, and Paolo Giorgini. "Modeling and Verification of ATM Security Policies with SecBPMN."〕〔Salnitri, Mattia, and Paolo Giorgini. "Transforming Socio-Technical Security Requirements in SecBPMN Security Policies."〕 The aspect of security related to cloud computing were identified using the RMIAS.〔Zalazar et al.. "Aspectos Contractuales de Cloud Computing." CIIDDI 2014 http://www.ciiddi.org/congreso2014/〕 The RMIAS is published under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Reference Model of Information Assurance and Security」の詳細全文を読む スポンサード リンク
|