Reference Model of Information Assurance and Security

A Reference Model of Information Assurance and Security (RMIAS)

The Reference Model of Information Assurance and Security (RMIAS)[1] is a comprehensive overview of the Information Assurance and Security domain. The RMIAS promotes a comprehensive approach to Information Assurance and Security. It is independent of technology and may be applied by an organisation of any size in any domain.

The RMIAS was developed on the basis of an extensive analysis of the Information Security (InfoSec) and Information Assurance (IA) literature,[2] a survey of InfoSec and IA practitioners,[3] and a systematic analysis of the existing models of InfoSec and IA. The RMIAS is a synthesis of the existing knowledge of the IAS domain. Among the models of InfoSec and IA that form the foundation of the RMIAS are the CIA triad, McCumber's Cube and the Maconachy et al. model of IA.

The RMIAS has implications for education, research and practice. It may be used to develop and structure an Information Security Policy Document and to identify omissions in it.[1] It may also be used to structure InfoSec thinking in an organisation, and it provides a framework for cataloguing the existing research in the domain. The RMIAS enables newcomers to the IAS domain to appreciate more quickly the complexity and diverse nature of the domain.

The RMIAS encompasses four dimensions: Security Development Life Cycle, Information Taxonomy, Security Goals and Security Countermeasures.[1] The interconnections between the dimensions are illustrated with arrows.

The RMIAS includes as one of its dimensions the IAS-octave, a set of eight security goals: Confidentiality, Integrity, Availability, Accountability, Non-repudiation, Auditability, Authenticity & Trustworthiness and Privacy. The IAS-octave replaces the CIA-triad as a comprehensive set of security goals.[4] The IAS-octave was developed on the basis of an extensive analysis of IAS and system engineering literature, and evaluated via interviews with IAS experts.

The RMIAS was adopted as the basis for a security extension for BPMN.[5][6] The aspects of security related to cloud computing were identified using the RMIAS.[7]

The RMIAS is published under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

References

  1. Cherdantseva, Y.; Hilton, J., "A Reference Model of Information Assurance & Security," Availability, Reliability and Security (ARES), 2013 Eighth International Conference on, pp. 546-555, 2-6 Sept. 2013. doi: 10.1109/ARES.2013.72
  2. Cherdantseva Y. and Hilton J. "Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals," F. Almeida, and I. Portela (eds.), Organizational, Legal, and Technological Dimensions of IS Administrator. IGI Global Publishing. September 2013.
  3. Cherdantseva Y. and Hilton J. "The 2011 Survey of Information Security and Information Assurance Professionals: Findings," F. Almeida, and I. Portela (eds.), Organizational, Legal, and Technological Dimensions of IS Administrator. IGI Global Publishing. September 2013.
  4. Salnitri, M., Dalpiaz F., and Giorgini P. "Modeling and verifying security policies in business processes." Enterprise, Business-Process and Information Systems Modeling. Springer Berlin Heidelberg, 2014. 200-214.
  5. Salnitri, Mattia, and Paolo Giorgini. "Modeling and Verification of ATM Security Policies with SecBPMN."
  6. Salnitri, Mattia, and Paolo Giorgini. "Transforming Socio-Technical Security Requirements in SecBPMN Security Policies."
  7. Zalazar et al. "Aspectos Contractuales de Cloud Computing." CIIDDI 2014. http://www.ciiddi.org/congreso2014/
This article is issued from Wikipedia - version of the 11/18/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.