Infosec-Tree Model: An Applied, In-depth, and Structured Information Security Model for Computer and Network Systems

Publication type: Journal Article

Published in: Journal of Internet Technology and Secured Transaction

Authors
  • Villalón, Ricardo
  • Solano, Braulio
  • Marín, Gabriela

CITIC researchers associated with the publication
Ricardo Villalón Fonseca
Braulio Solano Rojas
Gabriela Marín Raventós

Project associated with the publication
Creación de la Nube Académica Computacional de la UCR (NAC)

Abstract

Information security is a main concern in many fields of computer and information technologies, from software development, or network systems, to new or emerging technologies such as mobile, cloud computing, or social computing. Existing security standards and models usually focus on "what" has to be done about security, but they do not propose "how" to deal with the inherent complexity of assuring modern software systems or network infrastructures. Application of current security standards usually produces large checklists describing security countermeasures, but they lack a structured, in-depth and consistent process to define the information security requirements at different granularity levels of the system. As a consequence, security deployments may miss important security controls. We propose the Infosec-tree Model, a novel methodology with a hierarchical approach to guide that comprehensive assurance process for a computer or network system. Real use cases are presented, by applying our methodology to assure a private cloud being developed at the Universidad de Costa Rica (UCR).

Bibliographic data
Bibliographic citation
Infosec-Tree Model: An Applied, In-depth, and Structured Information Security Model for Computer and Network Systems