A Novel Approach to Design Quantitative Method for ICT Security Assessment


Abstract in English

This paper presents a novel quantitative equation for assessing the information security level of enterprises, establishments and corporations in general, and of financial institutions in particular, in the public and private sectors in Syria. The method is the result of a statistical study applied to a sample of financial institutions in Syria to assess the gap between their existing information security level and the ISO 27K directives for Information and Communication Technology (ICT) security, drawing on other international approaches and models designed for this purpose. The study aims to highlight the special requirements and the modified framework needed to develop ICT security in financial institutions, taking into consideration the culture and the special conditions in Syria.
