TY  - JOUR
ID  - SisLab3991
UR  - https://eprints.uet.vnu.edu.vn/eprints/id/eprint/3991/
IS  - 6
A1  - Le, Viet Ha
A1  - Phung, Van On
A1  - Nguyen, Ngoc Hoa
Y1  - 2020/07//
N2  - Information security risk management is one of the essential tasks currently in ensuring information security. In particular, for e-Government information systems, the assessment and management of security risks through the exploitation of software vulnerabilities, network equipment, etc., allow us to minimize the loss of data and essential information of organizations in e-Government. In this paper, we introduce a holistic approach to assessing information security risks based on both qualitative and quantitative methods for the Vietnamese e-Government. Our model of security risk management is built according to both international standards (ISO 27005-2018, NIST SP800-30r1, SP800-39, SP800-53r4) and Vietnamese standard (TCVN). For the quantitative risk method, we use both CVSS and OWASP scoring standards to quantify information system risks. Besides, the information security risks of the system can also be determined through vulnerability scanners. We also implemented the proposed model in a Web application, called SoC.UET. The experiments we conducted with UET.SoC allowed proving the ability to manage the information security risks holistically for a Ministry or a Province in the Vietnamese e-Government.
JF  - IJCSNS International Journal of Computer Science and Network Security
VL  - 20
SN  - 1738-7906
TI  - Information Security Risk Management by a Holistic Approach: a Case Study for Vietnamese e-Government
SP  - 72
AV  - none
EP  - 82
ER  -