Prethodno priopćenje
INFORMATION SYSTEM SECURITY THREATS CLASSIFICATIONS
Sandro Gerić
; Faculty of organization and informatics University of Zagreb, Varaždin, Croatia
Željko Hutinski
; Faculty of organization and informatics University of Zagreb, Varaždin, Croatia
Sažetak
Information systems are exposed to different types of security risks. Theconsequences of information systems security (ISS) breaches can vary from e.g. damaging the data base integrity to physical "destruction" of entire information system facilities, and can result with minor disruptions in less important segments of information systems, or with significant interruptions in information systems functionality. The sources of security risks are different, and can origin from inside or outside of information system facility, and can be intentional or unintentional. The precise calculation of loses caused by such incidents is often not possible because a number of small scale ISS incidents are never detected, or detected with a significant time delay, a part of incidents are interpreted as an accidental mistakes, and all that results with an underestimation of ISS risks. This paper addresses the different types and criteria of information system security risks (threats) classification and gives an overview of most common classifications used in literature and in practice. We define a common set of criteria that can be used for information system security threats classification, which will enable the comparison and evaluation of different security threats from different security threats classifications.
Ključne riječi
information system security; ISS; security risk; threat; classification; criteria
Hrčak ID:
21445
URI
Datum izdavanja:
12.6.2007.
Posjeta: 5.525 *