Information security is information risk management

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2001, Pages 97-104

  Blakley, Bob ^a   McDermott, Ellen ^b   Geer, Dan ^b  

^a Tivoli Systems

^b JP MorganChase ^*

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION TECHNOLOGY; MATHEMATICAL MODELS; RISK MANAGEMENT; SECURITY SYSTEMS;

ANNUALIZED LOSS EXPECTATION; INFORMATION RISK;

SECURITY OF DATA;

EID: 0242665376     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/508185.508187     Document Type: Conference Paper

References (24)

1. Standards Australia, "AS/NZS 4360:1999 Risk Management", 1999.
2. Computer Security Institute and US FBI, "Computer Security Issues & Trends", CSI, 2000.
3. Arbaugh, W., Fithen, W., and McHugh, J., "Windows of Vulnerability, a Case Study Analysis", IEEE Computer, IEEE, December, 2000.
4. Bank for International Settlements, "The New Basel Capital Accord", Basel: Bank for International Settlements, 2001.
5. Comments on New Basel Capital Accord, http://www.bis.org/bcbs/cacomments.htm
6. CERT, CERT Annual Reports, http://www.cert.org/annual_rpts/index.html
7. TechRisk.Law, "e-Coverage", Cincinnati, OH: National Underwriter Company, 2000.
8. Lang, S., Davis, J., Jaye, D., Erwin, D., Mullarney, J., Clarke, L., and Loesch, M., "e-risk: Liabilities in a Wired World", Cincinnati, OH: National Underwriter Company, 2000.
9. US Department of Commerce/National Bureau of Standards, "Guidelines For Automatic Data Processing Physical Security and Risk Management", 1974.
10. US Department of Commerce/National Institute of Standards and Technology, "Guideline for the Analysis of Local Area Network Security", 1994.
11. US General Accounting Office, "Information Security Risk Assessment: Practices of Leading Organizations", 1999.
12. Harrington, S., and Niehaus, G., "Risk Management and Insurance", Boston, Irwin/McGraw Hill, 1999.
13. Shannon, M., Wilson, B., and Stang, C. (eds.), "Health Professional's Drug Guide", Upper Saddle River, NJ, Prentice Hall, 2002.
14. Koller, G., "Risk Assessment and Decision Making in Business and Industry", Boca Raton, Fla.: CRC Press, 1999.
15. Kolluru, R., Bartell, S., Pitblado, R., and Stricoff, S., "Risk Assessment and Management Handbook for Environmental, Health, and Safety Professionals", Boston: McGraw-Hill, 1996.
16. Leveson, N., "Safeware: System Safety and Computers", Reading, Mass.: Addison-Wesley, 1995.
17. Merck & Co., "Merck's 1899 Manual", New York, Merck & Co., 1899.
18. Beers, M., and Berkow, R. (eds.), "The Merck Manual of Diagnosis and Therapy", 17th ed., Whitehouse Station, NJ, Merck Research Laboratories, 1999.
19. US National Institute of Standards and Technology, "Special Publication 800-30: Risk Management Guide" (Draft), 2001.
20. Thomas, R. (ed.), "Old Farmer's Almanac", William Ware & Co., Boston, 1900.
21. Peltier, T., "Information Security Risk Analysis", Boca Raton, Fla: Auerbach Publications, 2001.
22. Porter, R., "The Greatest Benefit to Mankind", New York, W.W. Norton & Company, 1997.
23. Shimpi, P., "Integrating Corporate Risk Management, New York, Texere, 1999.
24. Storey, N., "Safety-Critical Computer Systems", Reading, Mass.: Addison-Wesley, 1996.