Table of Contents Author Guidelines Submit a Manuscript
Journal of Computer Networks and Communications
Volume 2012 (2012), Article ID 151205, 20 pages
http://dx.doi.org/10.1155/2012/151205
Research Article

System Health Monitoring Using a Novel Method: Security Unified Process

1Départment de Genie Informatique et Génie Logiciel, École Polytechnique de Montréal, P.O. Box 6079, Succ. Downtown, Montreal, QC, Canada H3C 3A7
2Department of Computer Engineering & Information Technology, Amirkabir University of Technology, 424 Hafez Avenue, Tehran, Iran

Received 17 October 2011; Revised 12 March 2012; Accepted 16 March 2012

Academic Editor: Lixin Gao

Copyright © 2012 Alireza Shameli-Sendi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Iterative and incremental mechanisms are not usually considered in existing approaches for information security management System (ISMS). In this paper, we propose SUP (security unified process) as a unified process to implement a successful and high-quality ISMS. A disciplined approach can be provided by SUP to assign tasks and responsibilities within an organization. The SUP architecture comprises static and dynamic dimensions; the static dimension, or disciplines, includes business modeling, assets, security policy, implementation, configuration and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in organization. Since, the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization.