Architecture and Design Review of an Intelligent Information Security Management System / Intelligent System for Information Security Management: Architecture and Design Issues

  • File type: Book
  • Language: Persian
  • Edition and year / country: 2007

Details

Related fields: Information Technology Engineering and Computer Engineering, Information Security, Secure Computing

Description

The limitations of each security technology combined with the growth of cyber attacks impact the efficiency of information security management and increase the activities to be performed by network administrators and security staff. Therefore, there is a need for the increase of automated auditing and intelligent reporting mechanisms for the cyber trust. Intelligent systems are emerging computing systems based on intelligent techniques that support continuous monitoring and controlling plant activities. Intelligence improves an individual’s ability to make better decisions. This paper presents a proposed architecture of an Intelligent System for Information Security Management (ISISM). The objective of this system is to improve security management processes such as monitoring, controlling, and decision making with an effect size that is higher than an expert in security by providing mechanisms to enhance the active construction of knowledge about threats, policies, procedures, and risks. We focus on requirements and design issues for the basic components of the intelligent system.

Keywords: information security management, cyber security, intelligent system, architecture, agent-based control.

Cyber Security Overview

The exponential growth of the Internet and the convergence of Internet and wireless multimedia applications and services pose new security challenges (Miller, 2001). Security is a complex system (Volonino, 2004) and must be considered at all points and for each user. Organizations need a systematic approach for information security management that addresses security consistently at every level. They need systems that support optimal allocation of limited security resources on the basis of predicted risk rather than perceived vulnerabilities.
However, the security infrastructure of most organizations came about through necessity rather than planning, a reactive-based approach such as detection of vulnerabilities and applying software updates (Cardoso & Freire, 2005) as opposed to a proactive approach (Gordon, Loeb & Lucyshyn, 2003). On the other hand, cyber security plans call for more specific requirements for computer and network security as well as emphasis on the availability of commercial automated auditing and reporting mechanisms and promotion of products for security assessments and threat management (Chan & Perrig, 2003; Hwang, Tzeng & Tsai, 2003; Leighton, 2004). Besides technical security controls (firewalls, passwords, intrusion detection, disaster recovery plans, etc.), security of an organization includes other issues that are typically process and people issues such as policies, training, habits, awareness, procedures, and a variety of other less technical and non-technical issues (Heimerl & Voight, 2005). Security education and awareness has been lagging behind the rapid and widespread use of the new digital infrastructure (Tassabehji, 2005).

Material published as part of this publication, either on-line or in print, is copyrighted by the Informing Science Institute. Permission to make digital or paper copy of part or all of these works for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage AND that copies 1) bear this notice in full and 2) give the full citation on the first page. It is permissible to abstract these works so long as credit is given. To copy in all other cases or to republish or to post on a server or to redistribute to lists requires specific permission and payment of a fee. Contact Publisher@InformingScience.org to request redistribution permission.
All these factors make security a process which is based on interdisciplinary techniques (Maiwald, 2004; Mena, 2004). The existing challenges of information security management combined with the lack of scientific understanding of organizations’ behaviors call for better computational systems that support effectiveness of using specific information technologies and new approaches based on intelligent techniques and security informatics as means for coordination and information sharing.

Intelligent systems emerged as new software systems to support complex applications. In this paper, we propose the architecture for an Intelligent System for Information Security Management (ISISM) which supports the security processes and infrastructure within an organization. Among their components, intelligent systems include intelligent agents that exhibit a high level of autonomy and function successfully in situations with a high level of uncertainty. The system supports knowledge acquisition that is likely to assist the human user, particularly at deeper levels of comprehension and problem solving for the information security assurance domain.

The next section of this paper provides a summary of information security management issues and trends, a brief overview of the information security threats, followed by a review of AI techniques for cyber security applications. Then we show the architecture and main components of the intelligent system and include specific design requirements for the intelligent agents. We discuss key issues related to design and technologies by using a Systems Engineering approach. We discuss how systems relying on intelligent agent-based control provide a way of analyzing, designing, and implementing complex software systems. We conclude with a perspective on the future of information security management efficiency and effectiveness by applying a multiparadigm approach.
Information Security Management Issues and Trends

Information security management is a framework for ensuring the effectiveness of information security controls over information resources. It addresses monitoring and control of security issues related to security policy compliance, technologies, and actions based on decisions made by a human. The objective of information security management is to ensure non-repudiation, authenticity, confidentiality, integrity, and availability of the information within an organization.

Although different security technologies support specific security functions, there are many issues that impact the efficient management of information security. These technologies are not efficient and scalable because they rely on human expertise to periodically analyze the data. Many devices and systems generate hundreds of events and report various problems or symptoms. Also, these devices may all come at different times and from different vendors with different reporting and management capabilities and, perhaps worst of all, different update schedules. The security technologies are not integrated and each technology provides the information in its own format and meaning. These systems operating across versions, product lines, and vendors may provide little or no consistent characterization of events that represent the same symptom. These technologies lack features of aggregation and analysis of the data collected. In security management, analysts must choose how best to select observations, isolating aspects of interest. A static snapshot provided by one security technology (safeguard) does not provide the type of understanding needed for predictive analysis.