%0 Journal Article
%T System Health Monitoring Using a Novel Method: Security Unified Process
%A Alireza Shameli-Sendi
%A Masoume Jabbarifar
%A Michel Dagenais
%A Mehdi Shajari
%J Journal of Computer Networks and Communications
%D 2012
%I Hindawi Publishing Corporation
%R 10.1155/2012/151205
%X Iterative and incremental mechanisms are not usually considered in existing approaches for information security management systems (ISMS). In this paper, we propose SUP (security unified process) as a unified process to implement a successful and high-quality ISMS. A disciplined approach can be provided by SUP to assign tasks and responsibilities within an organization. The SUP architecture comprises static and dynamic dimensions; the static dimension, or disciplines, includes business modeling, assets, security policy, implementation, configuration and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in an organization. Since the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization.
1. Introduction
Information security is a primary requirement in today's communication world. These requirements are driven either by business need or by regulations. Many organizations find it difficult to derive a framework to define those requirements. In most cases, information has become the vital "asset" of businesses and is called "information asset" or "intellectual asset" [1].
It is essential to protect this asset so as to ensure its confidentiality, integrity, and availability [2]. While preserving these essential protections, the right information should be available to the right people, at the right place and at the right time. It is expected to make the information secure to guarantee that it is correct and available. Also, it can be guaranteed that information is not jeopardized by misuse, which could lead to the loss of business and low performance of regulations. Obviously, information security management plays a very important and crucial role in each organization. The organization is expected to follow certain security compliance regulations and standards, together with the implementation of an information security management infrastructure. Therefore, an appropriate information security infrastructure, which is a vital need for most organizations, must be provided and implemented. Information security standards are helping organizations at
%U http://www.hindawi.com/journals/jcnc/2012/151205/