• Aug 06, 2018 News! IJIET Vol. 7, No. 1-No. 8 have been indexed by EI (Inspec).   [Click]
  • Feb 02, 2019 News!Vol. 9, No. 2 issue has been published online!   [Click]
  • Dec 28, 2018 News!Vol. 9, No. 1 has been indexed by Crossref.
General Information
    • ISSN: 2010-3689
    • Frequency: Bimonthly (2011-2014); Monthly (Since 2015)
    • DOI: 10.18178/IJIET
    • Editor-in-Chief: Prof. Dr. Steve Thatcher
    • Executive Editor: Ms. Nancy Y. Liu
    • Abstracting/ Indexing: EI (INSPEC, IET), Electronic Journals Library, Google Scholar, Crossref and ProQuest
    • E-mail: ijiet@ejournal.net
Prof. Dr. Steve Thatcher
QUniversity, Australia
It is my honor to be the editor-in-chief of IJIET. The journal publishes good-quality papers which focous on the advanced researches in the field of information and education technology. Hopefully, IJIET will become a recognized journal among the scholars in the related fields.

IJIET 2014 Vol.4(4): 323-327 ISSN: 2010-3689
DOI: 10.7763/IJIET.2014.V4.422

An Assessment Model for Security-Critical Enterprise Systems

Bandar M. Alshammari
Abstract—This paper presents a model for assessing security of enterprise systems. It focuses on the structural properties of enterprise systems’ architectures in order to quantify their overall security. The model is built on the well-known three-tier architecture model and aims to identify the ways in which security-critical data values may be transferred between various components of the system’s architecture. This paper extends the three-tier architecture model to add a fourth layer which defines a set of low-level security metrics developed based on systems’ structural characteristics, such as data accessibility, coupling, cohesion and complexity. These metrics then are linked to relevant components of the three layers in the three-tier architecture model and hence defining a single security metric for each component. By combining security metrics of each layer’s components, a single security index is defined that forms the security value of each layer. Finally, the entire system’s security is summarised as a single security value. These metrics allow different architecture of the same system, or different systems with similar functionalities, to be compared for their relative security at a number of different abstraction levels at an early stage of development for any enterprise system.

Index Terms—Security models, three-tier architecture, security metrics, enterprise systems.

B. M. Alshammari is with the Information Technology Department, University of Aljouf, Saudi Arabia (e-mail: bmshammeri@ju.edu.sa).


Cite: Bandar M. Alshammari, "An Assessment Model for Security-Critical Enterprise Systems," International Journal of Information and Education Technology vol. 4, no. 4, pp. 323-327, 2014.

Copyright © 2008-2018. International Journal of Information and Education Technology. All rights reserved.
E-mail: ijiet@ejournal.net