Abstract
Disaster prevention and recovery is an important branch of security informatics. People need to investigate the disaster prevention and recovery capacity of information systems in order to make them more robust. In this paper we propose a framework to evaluate the disaster defense ability of information systems. In the research a hierarchy of criterions is built up which covers both the disaster prevention ability and the disaster recovery ability. And a fuzzy assessment method is designed to fit the evaluating process. We also develop a software tool based on the framework to assist the information security evaluators.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Adachi, Y., Obata, H.: Disaster prevention measures of NTT for telecommunications network systems. IEEE Communications Magazine 28(6), 18–24 (1990)
British Standard Institute. Information Security Management - Part 1:Code of Practice for Information Security Management (BS7799-1:1999). British Standard Institute (1999)
British Standard Institute. Information Security Management Systems-Specification with guidance for use (BS 7799-2:2002). British Standard Institute (2002)
Contigency Planning Management Group. BCP Handbook. http://www.contingencyplanning.com/tools/bcphandbook/2004A
Smith, D.J.: Business Continuity Management: Good Practice Guidelines. The Business Continuity Institute (2002)
International, D.R.I.: Professional Practices for Business Continuity Planners. http://www.chinacissp.com/download/ProfessionalPractices.pdf/2002
Piedad, F., Hawkins, M.: High availability. Prentice-Hall, Englewood Cliffs (2001)
Linstone, H.A., Turoff, M.: The Delphi Method: Techniques and Applications. Addison-Wesley, Reading (1975)
Choi, H.C., Lee, S.Y., Lee, H.H.: Design and Implementation of a Policy-Based Privacy Authorization System. In: Mehrotra, S., et al. (eds.) ISI 2006. LNCS, vol. 3975, pp. 129–140. Springer, Heidelberg (2006)
Iyer, R.K., Sarkis, J.: Disaster recovery planning in an automated manufacturing environment. IEEE Transactions on Engineering Management 45(2), 163–175 (1998)
Wang, K., et al.: A Disaster Recovery System Model in an E-government System. In: Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT (2005)
Swanson, M., et al.: Contigency Planning Guide for Information Technoloty Systems. NIST Special Publication 800-34. National Institute of Standards and Technoloty (2001), http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf
Hu, P.J.H., et al.: Evaluating an Infectious Disease Information Sharing and Analysis System. In: Kantor, P., et al. (eds.) ISI 2005. LNCS, vol. 3495, pp. 412–417. Springer, Heidelberg (2005)
Sturgeon, A.: Concepts and models for IT Security (ISO/IEC TR 13335-1). ISO/IEC (1996)
Toigo, J.W.: Disaster Recovery Planning: Preparing for the Unthinkable. Pearson Education Inc, London (2004)
Zhu, W., Wang, F.-Y.: Covering Based Granular Computing for Conflict Analysis. In: Mehrotra, S., et al. (eds.) ISI 2006. LNCS, vol. 3975, pp. 566–571. Springer, Heidelberg (2006)
Xu, S.: Practical decision-making method: the theory of analytic hierarchy process. Tianjin University press, Tianjin (1988)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Zhang, B., Zhang, J., Zhou, N., Chen, M. (2007). Evaluating the Disaster Defense Ability of Information Systems. In: Yang, C.C., et al. Intelligence and Security Informatics. PAISI 2007. Lecture Notes in Computer Science, vol 4430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71549-8_28
Download citation
DOI: https://doi.org/10.1007/978-3-540-71549-8_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71548-1
Online ISBN: 978-3-540-71549-8
eBook Packages: Computer ScienceComputer Science (R0)