Iterative and incremental mechanisms are not usually considered in existing approaches to information security management systems (ISMS). In this paper, we propose SUP (security unified process) as a unified process for implementing a successful and high-quality ISMS. SUP provides a disciplined approach to assigning tasks and responsibilities within an organization. The SUP architecture comprises static and dynamic dimensions: the static dimension, or disciplines, includes business modeling, assets, security policy, implementation, configuration and change management, and project management; the dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model that uses a fuzzy expert system to assess risks in an organization. Since the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed as an asset classification model for identifying organizational assets. The proposed model leads to an offline system health monitoring tool, which is a critical need in any organization.