An integral framework for information systems security management

Computers and Security

Volumn 22, Issue 4, 2003, Pages 337-360

  Trèek, Denis ^a  

^a JO EF STEFAN INSTITUTE   (Slovenia)

Author keywords

Information systems; Methodological framework; Security management

Indexed keywords

COMPUTER SOFTWARE MAINTENANCE; ELECTRONIC COMMERCE; INFORMATION MANAGEMENT; INFORMATION TECHNOLOGY; INTERNET; LAWS AND LEGISLATION; ONLINE SYSTEMS; SOCIETIES AND INSTITUTIONS; STANDARDS;

ELECTRONIC BUSINESS; INFORMATION SYSTEMS; SECURITY MANAGEMENT;

SECURITY OF DATA;

EID: 0038205942     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0167-4048(03)00413-9     Document Type: Article

References (75)

1. Aberdeen Group, 1998. Evaluating the Cost of Ownership for Digital Certificate Projects. Boston: Aberdeen Group.
2. Alhir, S. 1998. UML in a Nutshell. Cambridge: O'Reilly.
3. Anderson, R. J. 1994. Whither Cryptography. Inf. Management & Com. Security, Vol.2, No. 5, pp. 13-20.
4. Anderson, R. J., Kuhn, M. 1996. Tamper Resistance - a Cautionary Note. The 2nd USENIX Workshop on E- commerce Proceedings, pp. 1-11. Berkley: USENIX.
5. ANSI, 1998. The Elliptic Curve Digital Signature Algorithm (ECDSA). X9.62 standard. Washington, DC: ANSI.
6. Arce, I., 2002. Bug Hunting: The Seven Ways of the Security Samurai. Security & Privacy Supplement to IEEE Computer, pp. 11-15.
7. Aresenault, A. et al., 2002. Internet X.509 Public Key Infrastructure Roadmap. PKIX Draft Standard. Reston: IETF.
8. ASC X12, 2001. X12 Standard Release 4050. Washington, DC: ANSI.
9. Baker & Mc Kenzie, 2002. Global E-Commerce Law. http://www.bmck.com/ecommerce/intlegis-t.htm Chicago: Baker & Mc Kenzie.
10. Bell, D., La Padulla, L. 1973. Secure Computer Systems: Mathematical Foundations. ESD-TR-73-278. Washington, DC: MITRE Corp.
11. Broder, J.F. 2000. Risk Analysis - The Security Survey. Woburn: Butterworth - Heinemann.
12. BSI 1999, Code of practice for information security management. British Standard 7799. London: British Standards Institute.
13. Burrows, M., Abadi, M., Needham, R. 1990. Logic of Authentication. ACM Transactions on Comp. Systems, Vol. 8, No. 1, pp. 18 - 36.
14. Cheswick, W., Bellovin, S. 1994. Firewalls and Internet Security. Reading: Addison-Wesley.
15. COBIT Steering Committee 1998. Executive Overview (2nd ed.). Rolling Meadows: Information Systems Audit and Control Foundation.
16. Crocker, D.H. 1982. Standard For The Format Of Arpa Internet Text Messages. RFC 822. Reston: IETF.
17. DeMaio, H. 2002. Global Trust, Certification and (ISC)2. Computers & Security Vol. 21. No. 8, pp. 701-704.
18. Devargas M., 1999. Survival is Not Compulsory. Elsevier, Computers & Security, Vol. 18, No. 1, pp. 35-46.
19. Devetak, G. 1995. Organization of marketing and marketing information system. Organization and information systems. Aedermannsdorf: Scitec Publications.
20. Dichter, M.S., Burkhardt, M.S. 2001. Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications. Age. Publications and Seminars. New York: Morgan & Lewis Counselors. http://www.morganlewis.com/art61499.htm.
21. Dierks, T., Allen, C. 1999. Transport Layer Security. Standard RFC 2246. Reston: IETF.
22. Dreben, R.N., Werbach, J.L. 1999. Top 10 Things to Consider in Developing an Electronic Commerce Web Site. Publications and Seminars. New York: Morgan & Lewis Counselors. http://www.morganlewis.com/art8999.htm.
23. Eastlake, D., Jones, P. 2001, Secure Hash Algorithm - 1. RFC 3174 Standard. Reston: IETF.
24. EU, 1998. Data Protection Directive. Directive 1998/46/EC Official Journal of the European Communities. Brussels: November: 1995.
25. EU, 1999. Electronic Signature Directive. Directive 1999/93/EC, Official Journal of the European Communities. Brussels: December 1999.
26. EU, 2000. Directive on Electronic Commerce. Directive 2000/31/EC, Official Journal of the European Communities. Brussels: June 2000.
27. EU, 2001. Directive on Privacy and Electronic Communications. 2001. Directive 2002/58/EC, Official Journal of the European Communities. Brussels: July 2002.
28. Foti, J. (Ed.) 2001. Advanced Encryption Standard. FIPS Draft. Washington, DC: DoC.
29. Foundation for Intelligent Physical Agents (2001). FIPA Security SIG Request For Information. F-OUT-00065 Deliverable. Concord: FIPA.
30. Freed, N. 1996. Multipurpose Internet Mail Extensions. RFC 2045 Standard. Reston: IETF.
31. Freier, A.O., et al. 1996. Secure Sockets Layer Protocol (version 3). Mountain View: Netscape Corp. http://wp.netscape.com/eng/ssl3/index.html.
32. Fumy, W., 2000. From Common Criteria to Elliptic Curves - ISO/IEC JTC 1/SC 27, IT Security Techniques. ISO Bulletin, No. 6, pp. 20-25.
33. Gong, L., Needham, R., Yahalom, R., 1990. Reasoning about Belief in Cryptographic Protocols. Proc. of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 234-248 Los Alamitos: IEEE Press.
34. Group on the Next Generation Internet Policy, 2000. e-Japan Initiative Tokyo: GNGIP.
35. Gutmann, P., 2002. PKI: It's Not Dead, Just Resting. IEEE Computer, Vol. 35, No. 8, pp. 41-49.
36. Harmon, P., 2001. Developing E-Business Systems and Architectures. San Francisco: Morgan Kaufman.
37. Hendry, M., 1997. Smart Card Security and Application. London: Artech House.
38. Holzmann, J.G., 1991. Design and validation of computer protocols. London: Prentice Hall.
39. Hunker, J., 2002. Policy challenges in building dependability in global infrastructures. Elsevier Science, Computers & Security, Vol. 21, No. 8, pp. 705-710.
40. ISO, 1994. IT - Identification Cards. IS 7816 / 1thru 10. Geneva: ISO.
41. ISO, 1995a. IT, OSI: Security Frameworks in Open Systems. IS 10181 / 1 thru 7. Geneva: ISO.
42. ISO, 1995b. Quality Systems. Standards ISO 9001 thru 9003. Geneva: ISO.
43. ISO, 1997. Quality Management and Quality System Elements. Standards ISO 9004 / 1 thru 2. Geneva: ISO.
44. ISO, 1999. Common Criteria, Security techniques - Evaluation criteria for IT security. IS 15408, parts 1 thru 3. Geneva: ISO.
45. ISO, 2000. Code of practice for inf. sec. management. ISO 17799 Standard. Geneva: ISO.
46. ISO, 2002. Z formal specification notation. FDIS 13568. Geneva: ISO.
47. ITU-T, 1997c. IT - Open Systems Interconnection - The Directory: Overview of concepts, models and services. Recommendation X.500. Geneva: ISO.
48. ITU-T, 2000. Public-key and attribute certificate frameworks. X.509 Standard. Geneva: ISO.
49. Katzenbeisser, S., Petitcolas, F.A.P., 1999. Information hiding techniques for steganography and digital watermarking. London: Artech House.
50. Kemmerer, R.A., Vigna, G., 2002. Intrusion Detection: A Brief History and Overview. IEEE Computer, Security & Privacy, Vol. 35, No. 5, pp. 27-30.
51. Kocher, P., Jaffe, J., Jun, B., 2000. Differential Power Analysis, White paper. San Francisco: Cryptography Research Inc.
52. Koops, B.J., 2001. Crypto Law Survey. http://rechten.kub.nl/koops/cryptolaw.
53. Mactaggart M., 2001. Enabling XML security. http://www-106.ibm.com/developerworks/xm. New York: IBM.
54. Likar, B., 2001. Inoviranje, Koper: College of Management.
55. Miller, S.K., 2001. Facing the Challenge of Wireless Security. IEEE Computer, Vol. 35, No. 7, pp. 16-18.
56. OECD, 1997. Guidelines for Cryptography Policy. Paris: OECD.
57. OECD, 1998. Implementing The OECD "Privacy Guidelines" In The Electronic Environment: Focus On The Internet. Paris: OECD.
58. OMG, 2001. Unified Modeling Language, v 1.4. Needham: OMG.
59. Powers, D.M. 2001. The Internet Legal Guide: Everything you need to know when doing business online. New York: John Wiley & Sons.
60. Raepple, M., 2001. Sicherheitskonzepte fuer das Internet. Heidelberg: dpunkt-Verlag.
61. Ramsdell, B., 1999. S/MIME Message Specification. Standard RFC 2633. Reston: IETF.
62. Roe, M., 1993. CA Requirements. PASSWORD Project R. 2.5 document. Cambridge: Cambridge University.
63. RSA Labs, 2002. PKCS - RSA Cryptography Standard, v 2.1. Bedford: RSA Security.
64. Sander, T., Tschudin, C.F., 1998. Protecting Mobile Agents Against Malicious Hosts. Mobile Agent Security, LNCS 1419. Heidelberg: Springer Verlag.
65. Schneier, B., 1996. Applied Cryptography. New York: John Willey & Sons.
66. Stallings, W., 1999. Cryptography and Network Security. London: Prentice Hall.
67. Syverson, P., van Oorschot, P., 1994. On Unifying Some Cryptographic Protocol Logic. Proc. of the Symposium on Security & Privacy, pp. 14-28. Oakland: IEEE.
68. Thayer, R., et al., 1998. IP Security Document Roadmap. RFC 2411. Reston: IETF.
69. Trček, D. et al., 2001. Slovene smart card and IP based health-care information system infrastructure. International journal of medical informatics. Vol. 61 pp. 33-43. Amsterdam: Elsevier.
70. UN Economic Commission for Europe. 1993. Electronic Data Interchange for Administration, Commerce and Transport - Syntax Rules. ISO 9735. Geneva: ISO.
71. UNCITRAL, 1996. Model Law on Electronic Commerce. http://www.uncitral.org/english/texts/elect-com/ecommerceindex.htm. Vienna: UNCITRAL.
72. UNCITRAL, 2001. Model Law on Digital Signatures. http://www.uncitral.org/english/texts/elect-com/ecommerceindex.htm. Vienna: UNCITRAL.
73. US Congress, 1998. Digital Millennium Copyright Act. H.R. 2281, Public Law 105-304. Washington D.C.: January 1998.
74. WIPO, 2000. Primer On E-commerce And Intellectual Property Issues. Geneva: WIPO.
75. Wysocki, R.K., DeMichiell, R.L., 1997. Managing Information Across the Enterprise. New York: John Willey & Sons.