International Journal of Networked and Distributed Computing

Volume 6, Issue 1, January 2018, Pages 1 - 10

Assessing Risk of Security Non-compliance of Banking Security Requirements Based on Attack Patterns

Authors
Krissada Rongrat [1], krissada.ro@student.chula.ac.th; Twittie Senivongse [2], twittie.s@chula.ac.th
[1] Department of Computer Engineering, Faculty of Engineering, Chulalongkorn University, 254 Phyathai Road, Wangmai, Pathumwan, Bangkok, 10330, Thailand
[2] Department of Computer Engineering, Faculty of Engineering, Chulalongkorn University, 254 Phyathai Road, Wangmai, Pathumwan, Bangkok, 10330, Thailand
Available Online 2 January 2018.
DOI
10.2991/ijndc.2018.6.1.1
Keywords
Security requirement; Risk assessment; Security attack pattern; Regulatory compliance; Text similarity; Banking
Abstract

Information systems such as those in the banking sector need to comply with security regulations to assure that the necessary security controls are in place. This paper presents an initial risk assessment method to assist a banking information system project in validating the security requirements of the system. Dissimilarity between the textual security requirements of the system and the security regulations is measured to identify security non-compliance. A risk index model is then proposed to determine the risk level based on the severity and likelihood of exploit of any security attack patterns that could potentially affect the system if the missing regulations are not implemented. In an experiment using a case study of nine Thai commercial banks and the IT Best Practices of the Bank of Thailand as the regulations, the performance of compliance checking is evaluated in terms of F-measure and accuracy. It is also found that there is a strong positive correlation, with a coefficient of over 0.6, between the risk indices produced by the method and the security expert judgment.
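As an added illustration of the two steps the abstract describes (this is not the paper's code or data), the following Python compares each regulation clause with the system's textual requirements using bag-of-words cosine similarity, flags regulations that no requirement matches closely enough as non-compliance, and folds the severity and likelihood of the attack patterns mapped to those missing regulations into one risk index. The regulation and requirement sentences, the regulation-to-pattern mapping, the 1-5 scores, the 0.5 threshold and the index formula are all constructed assumptions, not values from the paper or from any attack pattern catalogue.

```python
import math
import re
from collections import Counter

# Constructed sample data for illustration, not the paper's data set.
REGULATIONS = {
    "R1": "Customer passwords must be stored using a strong one-way hash.",
    "R2": "Users must be locked out after repeated failed login attempts.",
    "R3": "All online banking sessions must be encrypted in transit.",
}
REQUIREMENTS = [
    "The system stores customer passwords as salted one-way hashes.",
    "Online banking traffic is encrypted in transit using TLS.",
]
# Assumed regulation -> attack patterns it mitigates, each given as
# (name, severity, likelihood) on a 1-5 scale; constructed, not catalogue scores.
ATTACK_PATTERNS = {
    "R1": [("password cracking", 4, 3)],
    "R2": [("brute-force login", 3, 5), ("credential stuffing", 4, 4)],
    "R3": [("session sniffing", 5, 2)],
}
STOPWORDS = {"the", "a", "an", "is", "are", "be", "must", "in", "of", "all", "as", "using"}

def tokens(text):
    """Bag of lower-cased word tokens with common stopwords removed."""
    return Counter(w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOPWORDS)

def cosine(a, b):
    """Cosine similarity of two bag-of-words vectors (0.0 when either is empty)."""
    dot = sum(a[w] * b[w] for w in a)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def best_similarity(regs, reqs):
    """For each regulation, the highest similarity to any system requirement."""
    return {rid: max((cosine(tokens(text), tokens(r)) for r in reqs), default=0.0)
            for rid, text in regs.items()}

def missing_regulations(regs, reqs, threshold=0.5):
    """Regulations that no requirement matches at or above the threshold are non-compliance."""
    return [rid for rid, s in best_similarity(regs, reqs).items() if s < threshold]

def risk_index(missing, patterns):
    """Assumed index: mean severity*likelihood over the exposed patterns, scaled to [0, 1]."""
    scores = [sev * lik for rid in missing for _, sev, lik in patterns.get(rid, [])]
    return sum(scores) / (25 * len(scores)) if scores else 0.0

if __name__ == "__main__":
    gaps = missing_regulations(REGULATIONS, REQUIREMENTS)
    print("missing:", gaps, "risk index:", round(risk_index(gaps, ATTACK_PATTERNS), 2))
```

With the sample data the lockout regulation R2 has no matching requirement, so the index is driven by its two mapped patterns; a real deployment would replace the constructed scores with the severity and likelihood values of the patterns actually catalogued for each regulation.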

Copyright
Copyright © 2018, the Authors. Published by Atlantis Press.
Open Access
This is an open access article under the CC BY-NC license (http://creativecommons.org/licences/by-nc/4.0/).


Journal
International Journal of Networked and Distributed Computing
Volume-Issue
6 - 1
Pages
1 - 10
Publication Date
2018/01/02
ISSN (Online)
2211-7946
ISSN (Print)
2211-7938

Cite this article

TY  - JOUR
AU  - Krissada Rongrat
AU  - Twittie Senivongse
PY  - 2018
DA  - 2018/01/02
TI  - Assessing Risk of Security Non-compliance of Banking Security Requirements Based on Attack Patterns
JO  - International Journal of Networked and Distributed Computing
SP  - 1
EP  - 10
VL  - 6
IS  - 1
SN  - 2211-7946
UR  - https://doi.org/10.2991/ijndc.2018.6.1.1
DO  - 10.2991/ijndc.2018.6.1.1
ID  - Rongrat2018
ER  -