Intelligent System for Information Security Management: Architecture and Design Issues

Cyber Security Overview

The exponential growth of the Internet and the convergence of Internet and wireless multimedia applications and services pose new security challenges (Miller, 2001). Security is a complex system (Volonino, 2004) and must be considered at all points and for each user. Organizations need a systematic approach for information security management that addresses security consistently at every level. They need systems that support optimal allocation of limited security resources on the basis of predicted risk rather than perceived vulnerabilities. However, the security infrastructure of most organizations came about through necessity rather than planning: a reactive approach, such as detecting vulnerabilities and applying software updates (Cardoso & Freire, 2005), as opposed to a proactive approach (Gordon, Loeb & Lucyshyn, 2003). On the other hand, cyber security plans call for more specific requirements for computer and network security, as well as emphasis on the availability of commercial automated auditing and reporting mechanisms and promotion of products for security assessments and threat management (Chan & Perrig, 2003; Hwang, Tzeng & Tsai, 2003; Leighton, 2004).

Besides technical security controls (firewalls, passwords, intrusion detection, disaster recovery plans, etc.), security of an organization includes other issues that are typically process and people issues, such as policies, training, habits, awareness, procedures, and a variety of other less technical and non-technical issues (Heimerl & Voight, 2005). Security education and awareness have been lagging behind the rapid and widespread use of the new digital infrastructure (Tassabehji, 2005). All these factors make security a process that is based on interdisciplinary techniques (Maiwald, 2004; Mena, 2004). The existing challenges of information security management, combined with the lack of scientific understanding of organizations' behaviors, call for better computational systems that support effectiveness of using specific information technologies and new approaches based on intelligent techniques and security informatics as means for coordination and information sharing. Intelligent systems emerged as new software systems to support complex applications. In this paper, we propose the architecture for an Intelligent System for Information Security Management (ISISM) which supports the security processes and infrastructure within an organization. Among these components, intelligent systems include intelligent agents that exhibit a high level of autonomy and function successfully in situations with a high level of uncertainty. The system supports knowledge acquisition that is likely to assist the human user, particularly at deeper levels of comprehension and problem solving for the information security assurance domain.

The next section of this paper provides a summary of information security management issues and trends and a brief overview of the information security threats, followed by a review of AI techniques for cyber security applications. Then we show the architecture and main components of the intelligent system and include specific design requirements for the intelligent agents. We discuss key issues related to design and technologies by using a Systems Engineering approach. We discuss how systems relying on intelligent agent-based control provide a way of analyzing, designing, and implementing complex software systems. We conclude with a perspective on the future of information security management efficiency and effectiveness by applying a multi-paradigm approach.

Information Security Management

Issues and Trends

Information security management is a framework for ensuring the effectiveness of information security controls over information resources. It addresses monitoring and control of security issues related to security policy compliance, technologies, and actions based on decisions made by a human. …