Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems
Mohamed Ghazouani, Hicham Medromi and Laila Moussaid. Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems. International Journal of Applied Information Systems 12(7):1-8, October 2017.
@article{10.5120/ijais2017451711,
  author = "Mohamed Ghazouani and Hicham Medromi and Laila Moussaid",
  title = "Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems",
  journal = "International Journal of Applied Information Systems",
  issue_date = "October 2017",
  volume = 12,
  number = 7,
  month = "October",
  year = 2017,
  issn = "2249-0868",
  pages = "1-8",
  url = "http://www.ijais.org/archives/volume12/number7/1003-2017451711",
  doi = "10.5120/ijais2017451711",
  publisher = "Foundation of Computer Science (FCS), NY, USA",
  address = "New York, USA"
}
Abstract
While there are many frameworks that help users with Governance, Risk, and Compliance (GRC), we know of none that actually tries to automate the process by using multi-agent systems. The Team of Systems’ Architecture proposes an integrated IT GRC architecture for high-level IT GRC management. This article focuses on the IT risk topic and presents a new approach for a multi-agent expert system, in which IT GRC managers can intelligently specify IT needs, following the strategic directives, through a questionnaire about specific business goals. The key element that differentiates this research from previous work is that none of the previous approaches is based on a multi-agent system. The system was verified on a concrete example. Future work consists of realizing a practical example of the proposed subsystem on the real company systems involved in the research, in order to overcome obstacles and achieve IT organization objectives.
Keywords
IT GRC, ISO27005, ISO27001, MEHARI, Multi-agent system (MAS)