{"title":"IT风险评估和渗透测试:IT控制验证技术的比较分析","authors":"Marcin Jekot, M. Niemiec","doi":"10.1109/DT.2016.7557160","DOIUrl":null,"url":null,"abstract":"The ongoing digitalization in the business world has led to a situation where information technology security forms an integral part of all enterprises. The need for comparable and measurable methods has resulted in the development of numerous standardized activities that can be undertaken in order to estimate the exposure to existing threats. In this paper, we present various approaches to the verification, evaluation and confirmation of the operational effectiveness of security controls implemented in complex IT systems. Individual techniques are represented by IT risk assessments and penetration tests. We analyze them from a theoretical perspective, and present records of case studies conducted. As a result, we are able to verify how these activities can be applied in real-world IT environments. The results of our work mean we can conduct further investigation into finding the optimal approach to the problem of ensuring sufficient security whilst preserving an acceptable risk-business trade off.","PeriodicalId":281446,"journal":{"name":"2016 International Conference on Information and Digital Technologies (IDT)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"IT risk assessment and penetration test: Comparative analysis of IT controls verification techniques\",\"authors\":\"Marcin Jekot, M. Niemiec\",\"doi\":\"10.1109/DT.2016.7557160\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The ongoing digitalization in the business world has led to a situation where information technology security forms an integral part of all enterprises. The need for comparable and measurable methods has resulted in the development of numerous standardized activities that can be undertaken in order to estimate the exposure to existing threats. In this paper, we present various approaches to the verification, evaluation and confirmation of the operational effectiveness of security controls implemented in complex IT systems. Individual techniques are represented by IT risk assessments and penetration tests. We analyze them from a theoretical perspective, and present records of case studies conducted. As a result, we are able to verify how these activities can be applied in real-world IT environments. The results of our work mean we can conduct further investigation into finding the optimal approach to the problem of ensuring sufficient security whilst preserving an acceptable risk-business trade off.\",\"PeriodicalId\":281446,\"journal\":{\"name\":\"2016 International Conference on Information and Digital Technologies (IDT)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-07-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 International Conference on Information and Digital Technologies (IDT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DT.2016.7557160\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Information and Digital Technologies (IDT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DT.2016.7557160","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
IT risk assessment and penetration test: Comparative analysis of IT controls verification techniques
The ongoing digitalization in the business world has led to a situation where information technology security forms an integral part of all enterprises. The need for comparable and measurable methods has resulted in the development of numerous standardized activities that can be undertaken in order to estimate the exposure to existing threats. In this paper, we present various approaches to the verification, evaluation and confirmation of the operational effectiveness of security controls implemented in complex IT systems. Individual techniques are represented by IT risk assessments and penetration tests. We analyze them from a theoretical perspective, and present records of case studies conducted. As a result, we are able to verify how these activities can be applied in real-world IT environments. The results of our work mean we can conduct further investigation into finding the optimal approach to the problem of ensuring sufficient security whilst preserving an acceptable risk-business trade off.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
