CFP last date
15 July 2024
Reseach Article

Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems

by Mohamed Ghazouani, Hicham Medromi, Laila Moussaid
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 12 - Number 7
Year of Publication: 2017
Authors: Mohamed Ghazouani, Hicham Medromi, Laila Moussaid
10.5120/ijais2017451711

Mohamed Ghazouani, Hicham Medromi, Laila Moussaid . Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems. International Journal of Applied Information Systems. 12, 7 ( October 2017), 1-8. DOI=10.5120/ijais2017451711

@article{ 10.5120/ijais2017451711,
author = { Mohamed Ghazouani, Hicham Medromi, Laila Moussaid },
title = { Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems },
journal = { International Journal of Applied Information Systems },
issue_date = { October 2017 },
volume = { 12 },
number = { 7 },
month = { October },
year = { 2017 },
issn = { 2249-0868 },
pages = { 1-8 },
numpages = {9},
url = { https://www.ijais.org/archives/volume12/number7/1003-2017451711/ },
doi = { 10.5120/ijais2017451711 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2023-07-05T19:07:34.344196+05:30
%A Mohamed Ghazouani
%A Hicham Medromi
%A Laila Moussaid
%T Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 12
%N 7
%P 1-8
%D 2017
%I Foundation of Computer Science (FCS), NY, USA
Abstract

While there are many framework that help users in Governance, Risk, and Compliance (GRC), we know of none which actually try to automate the process by using multi agent systems. The Team of Systems’ Architecture proposes an integrated IT GRC architecture for a high level IT GRC management. This article focuses on IT Risk topic and presents a new approach for a multi-agent expert system, where managers of IT GRC can in an intelligent manner specify the IT needs following the strategic directives through a questionnaire about specific business goals. The key element that differentiates this research from the previous ones is that none of them are based on multi-agents system. The system was verified on concrete example. Future works consists on realizing a practical example of the proposed subsystem on real company systems that are involved in the research in order to overcomes obstacles and achieve IT organization objectives.

References
  1. Information-Technology—Security techniques— Information security risk management. INTERNATIONAL STANDARD ISO/IEC 27005 First edition 2008.
  2. KOUNS, Jake and MINOLI, Daniel. Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams. John Wiley & Sons, 2011.
  3. TALABIS, Mark et MARTIN, Jason. Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis. Newnes, 2012.
  4. DOUSH, Iyad Abu. MULTI-AGENT SYSTEMS MODELING, CONTROL, PROGRAMMING, SIMULATIONS AND APPLICATIONS. 2011.
  5. RUSSELL, Stuart J. et NORVIG, Peter. Artificial intelligence: a modern approach. 2009.
  6. WOOLDRIDGE, Michael et JENNINGS, Nicholas R. Intelligent agents: Theory and practice. The knowledge engineering review, 1995, vol. 10, no 02, p. 115-152.
  7. BURKEY, Roxanne and BREAKFIELD, Charles V. (ed.). Designing a Total Data Solution: Technology, Implementation, and Deployment. CRC Press, 2000.
  8. CARDOSO, Rui Costa et FREIRE, Mário Marques. SAPA: software agents for prevention and auditing of security faults in networked systems. In: Information Networking. Convergence in Broadband and Mobile Networking. Springer Berlin Heidelberg, 2005. p. 80-88.
  9. MORADIAN, Esmiralda et HÅKANSSON, Anne. Approach to solving security problems using meta-agents in multi agent system. In: Agent and Multi-Agent Systems: Technologies and Applications. Springer Berlin Heidelberg, 2008. p. 122-131.
  10. PRUSIEWICZ, Agnieszka. A multi-agent system for computer network security monitoring. In: Agent and Multi-Agent Systems: Technologies and Applications. Springer Berlin Heidelberg, 2008. p. 842-849.
  11. Automating System Security Audits. ISACA Journal, volume 1, 2004.
  12. http://msdn.microsoft.com/en-us/library/ff648641.aspx Improving Web Application Security: Threats and Countermeasures. J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan. Microsoft Corporation
  13. SAYOUTI, Adil, MEDROMI, Hicham, et MOUTAOUAKIL, Fouad. Autonomous and Intelligent Mobile Systems based on Multi-Agent Systems. In: International Conference on Computing and Control Applications (CCCA). 2011. p. 452-467.
  14. VASUDEVAN, Vinod. Application Security in the ISO27001 Environment. IT Governance Ltd, 2008.
  15. SAYOUTI, Adil, MEDROMI, Hicham. Book Chapter in the book MULTI-AGENT SYSTEMS MODELING, CONTROL, PROGRAMMING, SIMULATIONS AND APPLICATIONS. 2011
  16. MORADIAN, Esmiralda et HÅKANSSON, Anne. Approach to solving security problems using meta-agents in multi agent system. In: Agent and Multi-Agent Systems: Technologies and Applications. Springer Berlin Heidelberg, 2008. p. 122-131.
  17. CALDER, Alan and WATKINS, Steve G. Information Security Risk Management for ISO27001/ISO27002. It Governance Ltd, 2010.
  18. Mohamed GHAZOUANI, Hicham MEDROMI, Brahim BOULAFDOUR and Adil SAYOUTI, “A model for an Information security management system (ISMS Tool) based multi agent system.”International Conference on Intelligent Information and Network Technology (IC2INT’13)
  19. GHAZOUANI, Mohamed, MEDROMI, Hicham, SAYOUTI, Adil, et al. Article: An Integrated use of ISO27005, Mehari and Multi-Agents System in order to Design a Comprehensive Information Security Risk Management Tool}. International Journal of Applied, vol. 7, p. 10-15.
  20. GHAZOUANI, Mohamed, FARIS, Sophia, MEDROMI, Hicham, et al. Information Security Risk Assessment--A Practical Approach with a Mathematical Formulation of Risk. International Journal of Computer Applications, 2014, vol. 103, no 8.
  21. https://en.wikipedia.org/wiki/Expert_system last retrieved: December 13th 2015.
  22. NWIGBO STELLA, N. et CHUKS, Agbo Okechuku. Expert System: A Catalyst in Educational Development in Nigeria. 2011.
Index Terms

Computer Science
Information Sciences

Keywords

IT GRC ISO27005 ISO27001 MEHARI Multi-agent system (MAS)