Access the full text.
Sign up today, get DeepDyve free for 14 days.
(1991)
S6curite et qualit¢ des systCmes d'information -Approche systemiqueLa part de I'homme
(1990)
Bibliography CLUSIF
(1992)
Questionnaire MARION-CC 92, V. 1.0
MARION is a method developed by APSAD/CLUSIF. MacMARION TM is a mark from OSIA ® available on Macintosh, a mark from Apple Computers
Acknowledgement : I wish to thank Vincent Gruber who programmed the first implementation
Information systems (IS) need permanent attention. Auditors must have effective tools to estimate their level of security and make recommendations to the management, according coherence and optimisation of the resources affected to maintain confidentiality, integrity and availability.Most of the time, risks have various and complex origins. A methodology is needed to analyse the coherence of the factors applied to the security and to suggest appropriate countermeasures, making part of a security policy regarding the objectives of the organization. There is a high demand for improved methodologies supported by software. A methodology for IS risk analysis and optimisation per level named MARION is presented. It has been developed in France from 1984 by APSAD, an association grouping together French insurance companies, and CLUSIF, an association in the area of computer security, MARION works in different contexts: mainframe mono-sites, networks and distributed systems, industrial computing, small and middle sized companies or systems, and microcomputing: involving technical tables, actualized and delivered by APSAD every year. The audit part of the methodology has been implemented in MacMARION , an object-oriented software working on a Macintosh platform, under MacOS operating system and programmed in the C++ language, making adaptation and reusability very easy. Input represents a personal appreciation provided by answer to questions. Output is quantitative and graphical, in the form of tables, roses and differential diagrams, which suggest coherence and relative seriousness with effort to accomplish regarding factors, categories of risks and losses. MacMARION offers an opportunity for self-assessment and a better productivity for auditors who can spend more time for details investigation and higher tasks, detailed investigation of higher or hidden risks.
ACM SIGSAC Review – Association for Computing Machinery
Published: Oct 15, 1992
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.