The IS risk analysis based on a business model

Information and Management

Volumn 41, Issue 2, 2003, Pages 149-158

  Suh, Bomil ^a,b   Han, Ingoo ^a  

^a Korea Advanced Institute of Science and Technology (KAIST)   (South Korea)

^b Entrue Consulting Partners   (South Korea)

Author keywords

Analytic Hierarchy Process (AHP); Asset valuation; Asset function assignment; Business model; Paired comparison; Risk analysis

Indexed keywords

COSTS; DECISION MAKING; RISK ASSESSMENT; VALUE ENGINEERING;

BUSINESS MODELS;

INFORMATION MANAGEMENT;

EID: 0141919268     PISSN: 03787206     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0378-7206(03)00044-2     Document Type: Article

References (30)

1. Baskerville R. Information systems security design methods: implications for information systems development. ACM Computing Surveys. 25(4):1993;375-414.
2. S.P. Bennett, M.P. Kailay, An application of qualitative risk analysis to computer security for the commercial sector, in: Proceedings of Eighth IEEE Annual Computer Security Applications Conference, San Antonio, TX, USA, 1992, pp. 64-73.
3. CCTA, The CCTA Risk Analysis and Management Method (CRAMM) User Guide, UK Government Central Computer and Telecommunications Agency (CCTA), IT Security and Privacy Group, London, UK, 1993.
4. Cerullo M.J., Cerullo V. EDP risk analysis. Computer Audit Journal. 1994(2):1994;9-30.
5. Cerullo M.J., Shelton F.A. Analyzing the cost-effectiveness of computer controls and security. The Internal Auditor. 38(5):1981;30-37.
6. Ciechanowicz Z. Risk analysis: requirements, conflicts and problems. Computers & Security. 16(3):1997;223-232.
7. Finne T. A conceptual framework for information security management. Computers & Security. 17(4):1998;303-307.
8. Finne T. Information systems risk management: key concepts and business processes. Computers & Security. 19(3):2000;234-242.
9. GAO, Executive Guide Information Security Management: Learning from Leading Organizations, United States General Accounting Office (GAO), Accounting and Information Management Division, Washington, DC, USA, 1998.
10. Hicks M.J., Snell M.S., Sandoval J.S., Potter C.S. Physical protection systems - cost and performance analysis: a case study. IEEE AES Systems Magazine. 14(4):1999;9-13.
11. J.A. Hoffer, J.F. George, J.S. Valacich, Modern Systems Analysis & Design, Addison-Wesley-Longman, New York, NY, USA, 1999.
12. I. Jacobson, M. Ericsson, A. Jacobson, The Object Advantage: Business Process Reengineering with Object Technology, Addison-Wesley, New York, NY, USA, 1995.
13. Jung C., Han I., Suh B. Risk analysis for electronic commerce using case-based reasoning. International Journal of Intelligent Systems in Accounting, Finance & Management. 8(1):1999;61-73.
14. Kailay M.P., Jarratt P. RAMeX: a prototype expert system for computer security risk analysis and management. Computers & Security. 14(5):1995;449-463.
15. K.C. Laudon, J.P. Laudon, Management Information Systems: Organization and Technology, third ed., Macmillan, New York, NY, USA, 1994.
16. Loch K.D., Carr H.H., Warkentin M.E. Threats to information systems: today's reality, yesterday's understanding. MIS Quarterly. 16(2):1992;173-186.
17. J. Martin, Strategic Data-Planning Methodologies, Prentice-Hall, Englewood Cliffs, NJ, USA, 1982.
18. McNamee D. Developing an IS risk assessment process. IS Audit & Control Journal. 1996(3):1996;14-18.
19. R.R. Moeller, Computer Audit, Control, and Security, Wiley, New York, NY, USA, 1989.
20. Nosworthy J.D. A practical risk analysis approach: managing BCM risk. Computers & Security. 19(7):2000;596-614.
21. Post G.V., Diltz J.D. A stochastic dominance approach to risk analysis of computer systems. MIS Quarterly. 10(4):1986;363-375.
22. Rainer R.K. Jr., Snyder C.A., Carr H.H. Risk analysis for information technology. Journal of Management Information Systems. 8(1):1991;129-147.
23. Saaty T.L. How to make a decision: the analytic hierarchy process. European Journal of Operational Research. 48(1):1990;9-26.
24. T.L. Saaty, The Analytic Hierarchy Process: Planning, Priority Setting, Resource Allocation, McGraw-Hill, New York, NY, USA, 1980.
25. M.R. Smith, Commonsense Computer Security, McGraw-Hill, London, UK, 1993.
26. Solms R.V., Haar H.V.D., Solms S.H.V., Caelli W.J. A framework for information security evaluation. Information & Management. 26(3):1994;143-153.
27. D.A. Stolovitch, L.D. Robertson, Whose Risk Is It Anyway? in: Proceedings of the 10th Annual Canadian Information Technology Security Symposium, Ottawa, Canada, 1998, pp. 123-148.
28. Texas Instruments Incorporated, A Guide to Information Engineering Using the IEF™: Computer-Aided Planning, Analysis, and Design, second ed., Texas Instruments Incorporated, USA, 1990.
29. R. Weber, Information Systems Control and Audit, Prentice-Hall, Englewood Cliffs, NJ, USA, 1999.
30. Wright M. Third generation risk management practices. Computer Fraud & Security. 1999(2):1999;9-12.