Litcius/Paper detail

GoSafe: On the practical characterization of the overall security posture of an organization information system using smart auditing and ranking

Jamal N. Al‐Karaki, Amjad Gawanmeh, Sanaa Elyassami

2020Journal of King Saud University - Computer and Information Sciences29 citationsDOIOpen Access PDF

Abstract

The lack of national security standardization bodies can have adverse impact on the adoption of international security standards and best practices. To assure security confidence among various organizations and to promote systematic adoption of standards and best standards, a practical framework that can support comparative measures is needed. . This paper presents GoSafe, a novel practical cybersecurity assessment framework that is tailored to the ISO 2700x standard requirements for the development of Information Security Management System (ISMS). GoSafe can be used for both self-assessment and auditing/scoring tool by national cybersecurity authorities. Using GoSafe, organizations can evaluate their existing information security management systems against local and international standards by utilizing built-in pre-audit tools. As such, GoSafe will help organizations evaluate and enhance their readiness for evolving risks and threats. In GoSafe framework, a novel mathematical model was also designed and implemented for the scoring/rating tool, namely, the national cyber security index (aeNCI). The aeNCI employs multiple parameters to determine the maturity of existing cybersecurity programs at national organizations and generate a classification and comparison reports. The efficacy of GoSafe proposed framework is demonstrated using a practical case study. The results enabled the stakeholder to verify the security configuration of their systems and identify potential attack/risk vectors.

Topics & Concepts

AuditStandardizationComputer scienceInformation security management systemComputer securityInformation security managementInformation securityCapability Maturity ModelInformation security auditMaturity (psychological)Information security standardsStakeholderSecurity information and event managementRanking (information retrieval)Best practiceSecurity managementProcess managementRisk analysis (engineering)Security serviceBusinessAccountingCloud computing securityNetwork security policySoftwareMachine learningDevelopmental psychologyPublic relationsOperating systemEconomicsManagementCloud computingProgramming languagePsychologyPolitical scienceInformation and Cyber SecurityNetwork Security and Intrusion DetectionInformation Technology Governance and Strategy
GoSafe: On the practical characterization of the overall security posture of an organization information system using smart auditing and ranking | Litcius