Applied Sciences (Feb 2019)

Defining the Minimum Security Baseline in a Multiple Security Standards Environment by Graph Theory Techniques

  • Dmitrij Olifer,
  • Nikolaj Goranin,
  • Antanas Cenys,
  • Arnas Kaceniauskas,
  • Justinas Janulevicius

DOI
https://doi.org/10.3390/app9040681
Journal volume & issue
Vol. 9, no. 4
p. 681

Abstract

One of the best ways to protect an organization’s assets is to implement security requirements defined by different standards or best practices. However, such an approach is complicated and requires specific skills and knowledge. When an organization applies multiple security standards, several problems can arise related to overlapping or conflicting security requirements, increased expenses on security requirement implementation, and convenience of security requirement monitoring. To solve these issues, we propose using graph theory techniques. Graphs allow the security requirements of a standard to be presented as graph vertices and edges between vertices, and show the relations between different requirements. A vertex cover algorithm is proposed for minimum security requirement identification, while graph isomorphism is proposed for comparing existing organization controls against the set of minimum requirements identified in the previous step.

Keywords