The popularization of the Internet has made network-based information systems indispensable parts of our lives. The information security accidents people face now emerge one after another with increasing frequency. Hence, information security management has become an important topic.
Most information security management issues have been described in text and lack more intuitive, graphical representations. The degrees of influence of the various roles in an information system under security threats are easier to understand when represented in graphs than in text, and a graph can quickly point out the problems that need to be solved. Different applications in different situations may face different security threats, which in turn drive different security requirements. The essential requirements in information security are Integrity, Confidentiality, Authentication, Accountability and Availability.
This thesis provides an open and graphic-based research framework for information security management, using information security accident stories as the starting points. We use several directed relationships to construct relationship network diagrams among the various roles in application scenarios. The security issues and their resolutions can be identified in the graphs. A variety of management features that influence decision making are then added to the model. After reorganization, the final version of the information security research framework, with a variety of relationship graphs, is proposed. This framework can provide suggestions and policies for information security management using the degrees of association among roles.