Sophia Faris

  • Citations Per Year
Learn More
Risk management methodologies, such as Mehari, Ebios, CRAMM and SP 800-30 (NIST) use a common step based on threat, vulnerability and probability witch are typically evaluated intuitively using verbal hazard scales such as low, medium, high. Because of their subjectivity, these categories are extremely difficult to assign to threats, vulnerabilities and(More)
The use of internet has made people and organizations vulnerable to the outside attacks. Indeed, cyber issues mainly affect information systems with different types of malicious attacks such as spyware, virus, social engineering etc. This work is motivated by the need for a more intuitive and automated systems-level approach to determine the overall(More)
Information has always been in the heart of every organization. During its exchange this information can be altered or modified. It is also considered as a key element for the development of many businesses. In this context, we have the obligation to protect it and secure it. In fact, it can’t be protected without the use of frameworks and effective tools(More)
Universities in the public and private sectors depend on information technology and information systems to successfully carry out their missions and business functions. Information systems are subject to serious threats that can have adverse effects on organizational operations and assets, and individuals by exploiting both known and unknown vulnerabilities(More)
  • 1