VNU-UET Repository

Information Security Risk Management by a Holistic Approach: a Case Study for Vietnamese e-Government

Le, Viet Ha and Phung, Van On and Nguyen, Ngoc Hoa (2020) Information Security Risk Management by a Holistic Approach: a Case Study for Vietnamese e-Government. IJCSNS International Journal of Computer Science and Network Security, 20 (6). pp. 72-82. ISSN 1738-7906

Full text not available from this repository.


Information security risk management is one of the essential tasks currently in ensuring information security. In particular, for e-Government information systems, the assessment and management of security risks through the exploitation of software vulnerabilities, network equipment, etc., allow us to minimize the loss of data and essential information of organizations in e-Government. In this paper, we introduce a holistic approach to assessing information security risks based on both qualitative and quantitative methods for the Vietnamese e-Government. Our model of security risk management is built according to both international standards (ISO 27005-2018, NIST SP800-30r1, SP800-39, SP800-53r4) and Vietnamese standard (TCVN). For the quantitative risk method, we use both CVSS and OWASP scoring standards to quantify information system risks. Besides, the information security risks of the system can also be determined through vulnerability scanners. We also implemented the proposed model in a Web application, called SoC.UET. The experiments we conducted with UET.SoC allowed proving the ability to manage the information security risks holistically for a Ministry or a Province in the Vietnamese e-Governmen

Item Type: Article
Subjects: Information Technology (IT)
Divisions: Faculty of Information Technology (FIT)
Depositing User: Assoc.Prof Hoá NGUYỄN Ngọc
Date Deposited: 29 Jul 2020 08:09
Last Modified: 29 Jul 2020 08:09

Actions (login required)

View Item View Item