Disputas: Süleyman Kondacki

Süleyman Kondacki ved Institutt for informatikk vil forsvare sin avhandling for graden dr.philos. (doctor philosophiae)

"CSAIF: A Compound Security Analysis and Implementation Framework"

Tid og sted for prøveforelesninger

9. des. 2008 09:15 (Lille auditorium, Informatikkbygningen, Gaustad) - The obscurity of information security course syllabi: challenges in information security education

9. des. 2008 10:15 (Lille auditorium, Informatikkbygningen, Gaustad) - Information Security Management; What to protect in your organization and how to do it

Bedømmelseskomité

  • Associate Professor Christian Damsgaard Jensen, Institut for Informatik og Matematisk Modellering, Danmarks Tekniske Universitet, Kgs. Lyngby, Danmark

  • Professor Svein Johan Knapskog, Institutt for telematikk, NTNU, Trondheim
    Førsteamanuensis II Naci Akkøk, Institutt for informatikk, Universitetet i Oslo

Leder av disputas

Dag Langmyhr

For mer informasjon

This dissertation presents a framework of concepts (CSAIF) for integrating management tasks in information security. CSAIF is a compound framework comprised of risk analysis, security planning, validation and improvement, and evaluation methodologies. These methodologies are intended to enable information security administrators and evaluators to easily maintain lifecycle security in a proactive manner. The research resulted in useful methodologies, models, and tools, such as determination of risk propagation and validation methods applied to security designs, evaluation of operational and newly designed security solutions, realistic worm/virus spread and extinction models, and design of a secure protocol used for security assesssments over the Internet and public networks.

As presented in a collection of publications, there are several contributions of CSAIF: primarily, it offers the development of efficient, scalable, and easily applicable methods for self-risk assessment, improved security design, and guidance for lifecycle security maintenance. It also provides complementary functions that can be used by test and evaluation facilities and institutions. The CSAIF framework builds on a compound (interrelated) concept, which contains security threat analysis, worm modeling, new approaches for quantitative risk management, design validation (assessment and improvement), and a remote security evaluation protocol called RSEP. It also provides guidelines and specifications that can be used to improve existing solutions and to develop assessment tools.

The thesis is based on a collection of research work published by the doctoral candidate, while involved in various information security projects internationally, mostly in Turkey.

Kontaktperson

For mer informasjon, kontakt Lena Korsnes.

Published Feb. 25, 2011 10:20 AM - Last modified Mar. 25, 2014 10:45 AM