An overview of credit report/credit score modelsand a proposal for Vietnam

Having a national credit database system would help financial institutions (FIs) reducecredit risk and reduce non-recovered bad debts. The government will feel at ease when FIs and thepeople are protected from bad debts in a sustainably developing and transparent market. On theother hand, borrowers will also receive benefit.
Nội dung trích xuất từ tài liệu:
An overview of credit report/credit score modelsand a proposal for VietnamVNU Journal of Science: Policy and Management Studies, Vol. 33, No. 2 (2017) 97-103An Assestment Model for Cyber Securityof Vietnamese OrganizationLe Quang Minh*, Doan Huu Hau, Nguyen Ngoc Tuan,Cu Kim Long, Nguyen Minh PhucInformation Technology Institute, Vietnam National University, Hanoi,144 Xuan Thuy Street, Cau Giay District, Hanoi, VietnamReceived 11 April 2017Revised 07 June 2017, Accepted 28 June 2017Abstract: This article aims to introduce the cyber security assess model (CSAM), an importantcomponent in cyber security architecture framework, especially for the developing country asVietnam. This architecture framework is built up with the Enterprise Architecture approach andbased on the ISO 2700x and NIST SP 800-53 Rev.4. From the holistic perspective based on EGIFdeveloped previously by UNDP group and the main TOGAF features, ITI-GAF is simplified tosuit the awareness, capability and improvement readiness of the developing countries. The resultof survey and applying in countries as Vietnam, Lao affirms the applicable value of ITI-GAF andthe CSAM. The comprehensive, accurate and prompt assessment when applying ITI-CSAMenables the organization to identify the cybersecurity strengths and weaknesses, thereby determinethe key parts need invested and its effects to the whole organization’s cybersecurity, then build upthe action plan for short-term and long-term.Keywords: ITI-GAF, Cyber-security architecture framework, assessment model for cyber-security,NIST SP 800-53 Rev.4.1. Introdution There must be some architecture toguideline the deployment of informationsystems while guaranteeing the security. Suchan architecture must confront the increasingnumber of attacks in a variety of forms, tools,environment, at different levels of complexityand severity. It would be a major part ofEnterprise Architecture [1-2]. However, ingeneral it is extremely difficult to achieveconsensus in Cyber Security. On the other hand,the situation of security is characteristic, asInformation System can be designed in a topdown approach, while Cyber Security must bedesigned to adapt to the existing systems. CyberSecurity issues are also sensitive to the policy,strategy, top management views andcommitments, interpersonal communication.In recent years, along with the explosivedevelopment of Internet infrastructure, smartdevices and Internet of Things, informationservices and social networks, cyber security hasbecome a global real challenge. On one hand,the systems must be flexible and use friendly.On the other hand, it must protect our asset andprivacy. In reality, the systems become moreand more complex as integrations of manysystems deployed by different vendors withdifferent views and interests to cyber security._______Corresponding author. Tel.: 84-989736464.Email: quangminh@vnu.edu.vnhttps://doi.org/10.25073/2588-1116/vnupam.41029798L.Q. Minh et al. / VNU Journal of Science: Policy and Management Studies, Vol. 33, No. 2 (2017) 97-103After all, security solutions mainly serve theinterests of the organizations, while do notbring new user functionalities, so it is not easyto gain popularity from the beginning.Thus, the popular architecture frameworkslike TOGAF, FEA, DODAF,… [3-5] would betoo complicated and expensive for CyberSecurity. While those tools are superior fromthe methodological points of view, in practice,it is not easy to implement. Therefore, mostarchitecture frameworks do not cover cybersecurity issues. To fill this gap, Viet et al [6]have proposed to apply ITI-GAF [7-9] toconstruct the Cyber Security ArchitectureFramework (CSAF) for developing countries.ITI-GAF has an advantage of being simple andeasy to adapt to cyber security.In this paper, we will address theassessment model of CSAF. In theimplementation process of cyber securityprojects, the assessment model plays animportant role. Firstly, it can be used to enforcethe cyber security standards, which areimportant in the information systems deployedby several different vendors. Secondly, theassessment model can point out the weaknessesin a prioritised order, which help theorganizations to prepare an investment andimplementation plan to address them. Thirdly,the assessment model can be used to evaluateand monitor the performance of cyber securityprojects in order to maximize it.In this paper we use the ISO and NISTstandards to work out the assessment questions.However, this procedure is extendable to adoptother standards as well. We have constructedthe assessment schemas with different depthsaccording to various needs of the organizations.Based on these schemas we have designed aweb based application to provide assessmentservices. Although CSAF is constructed for thedeveloping countries, it can be used for moreadvanced countries as well.The paper is organized as follows: InSection II., an overview of ITI-GAF and themethodology of our work will be presented. InSection III., CSAF will be presented with astrong focus on the assessment model. InSection IV., a logical design of a cyber securityassessment service based on the CSAF’sassessment model will be briefly discussed.Section V. will discuss the conclusions, learnedlessons and future perspectives.2. Methodology2.1. Overview of EA and ITI-GAFEA has been proposed by Zachmann andIBM [1-2] to ensure the interoperability of aninformation system and to align the businessprocesses, objectives with technology. In 1998,the CIO council and presidential Budget Bureauhave constructed FEA to reduce the failure rateof the US government’s IT projects [3]. Soonafter that, EA has been built in all advancedcountries and became an industrial standards,with contributions from more than 350 leadingglobal IT companies and hundreds thousands ofprojects [4].ITI-GAF [6- ...