By Topic

An approach to assessment modeling and system designing of risk management in EIP

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Shin-Jer Yang ; Dept. of Comput. Sci. & Inf. Manage., Soochow Univ., Taipei, Taiwan ; Yung-Ming Hsieh ; Yu-Lung Lin

Today, the Internet technology development and their applications have become increasingly popular. Hence, the WWW technology brings the rising of Enterprise Information Portal (EIP). However, providing a secure Enterprise Information Portal is one of essential quality of services (QoS) in Internet applications. Focusing on the security of EIP, the purposes of this paper are to find out various risk facets based on ISO 27001 reference standards and the ISMS process and also utilize AHP model to validate the factors of each risk facet. It will refine and validate required factors of each risk facet through experts specialized in designing and implementing a secure EIP system. Then, we will establish a risk management assessment model of EIP and design its algorithm. Finally, we develop an evaluation system and also perform experiments to verify and validate the risk management of EIP. According to the risk value, it will refine the risk level to verify and validate the security of EIP. According to the experimental result, our proposed assessment model and evaluation system of EIP risk management can be served as the guidelines of implementing any a secure Web application.

Published in:

Communication Technology (ICCT), 2010 12th IEEE International Conference on

Date of Conference:

11-14 Nov. 2010