Towards an enhancement of organizational information security through Threat Factor Profiling (TFP) model
Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security iss...
Saved in:
| Main Authors: | , , , , , , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IOP Publishing
2017
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/63588/1/Towards%20an%20Enhancement%20of%20Organizational%20Information%20Security%20through%20Threat%20Factor%20Profiling%20%28TFP%29%20Model.pdf http://psasir.upm.edu.my/id/eprint/63588/ http://iopscience.iop.org/article/10.1088/1742-6596/892/1/012011 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management. |
|---|