Assessing & quantifying the loss of network intrusion

Journal of Computer Information Systems

Volumn 45, Issue 2, 2004, Pages 36-43

  Kros, John R ^a   Foltz, Charles Bryan ^a   Metcalf, Cathrine L ^b  

^a EAST CAROLINA UNIVERSITY   (United States)

^b NOVA SOUTHEASTERN UNIVERSITY   (United States)

Author keywords

Bayesian influence diagram; Computer misuse; Computer security; Decision tree; Network security; Network security breach

Indexed keywords

BAYESIAN INFLUENCE DIAGRAM; COMPUTER MISUSE; DECISION TREE; NETWORK SECURITY; SECURITY BREACH;

APPROXIMATION THEORY; COMPUTER CRIME; FINANCE; INFORMATION ANALYSIS; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS; TREES (MATHEMATICS);

COMPUTER NETWORKS;

EID: 13844275774     PISSN: 08874417     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (41)

1. American Bar Association. Report on Computer Crime. Pamphlet prepared by the Task force on Computer Crime, American Bar Association, Section on Criminal Justice, 1800 M Street, Washington, DC 20036, 1984.
2. Anthes, G. "Hack Attack: Cyberthieves Siphon Millions from U.S. Firms," Computerworld, 30:16, 1986, p. 81.
3. Baskerville, R. "Information Systems Security Design Methods: Implications for Information Systems Development," ACM Computing Surveys, 25:4, 1993, pp. 749-764.
4. CERT Coordination Center. CERT/CC Overview: Trends, on-line. Available: http://www.cert.org/present/certoverview-trends/.
5. th ed. Boston: Irwin/McGraw Hill, 1998, pp. 5-7, 20.
6. Dawes, R.M. Rational Choice in an Uncertain World. San Diego: Harcourt Brace Jovanovich, 1988.
7. Deloitte & Touché. "New E-commerce Study Reveals Key Management Issues," E-commerce Security: A Global Status Report, ISACA, Rolling Meadows, IL, 2000.
8. Drake, D.L. and K.L. Morse. "Applying the Eight-stage Risk Assessment Methodology to Firewalls," monograph, Science Applications International Corp., San Diego, CA, 1996.
9. Drake, D.L. and K.L. Morse. "The Security-specific Eight Stage Risk Assessment Methodology," monograph, Science Applications International Corp., San Diego, CA, 1994.
10. Edwards, W. and D.V. Winterfeldt Decision Analysis and Behavioral Research. Cambridge, MA: Cambridge University Press, 1986.
11. Forcht, K.A. and W.C. Ayers. "Developing a Computer Security Policy for Organizational Use and Implementation," Journal of Computer Information Systems, 41:2, 2001, pp. 52-57.
12. Foroughi, A. and W.C. Perkins. "Ensuring Internet Security," Journal of Computer Information Systems, 37:1, 1997, pp. 33-38.
13. Hoffer, J.A. and D.W. Straub. "The 9 to 5 Underground: Are You Policing Computer Crime?" Sloan Management Review, 30:4, Summer 1989, pp. 35-44.
14. nd. Chichester: Wiley, 1987.
15. Kahai, P., M Gibson, and K. Swinehart. "Computer Usage Characteristics and Small Service Firms: An Exploratory Study," Journal of Computer Information Systems, 33:2, Winter 1992-1993, pp. 70-76.
16. Kahane, Y., S. Neumann, and C. Tapiero. "Computer Backup Pools, Disaster Recovery, and Default Risk," Communications of the ACM, 31:1, 1988.
17. Kulczycki, G. "Information Security," Management Accounting, LXXIX:6, 1997, pp. 18-24.
18. Loch, K.D., H.H. Carr, and M.E. Warkentin. "Threats to Information Systems: Today's Reality, Yesterday's Understanding," MIS Quarterly, 16:2, 1992, pp. 173-186.
19. Lundgren, T. "User System Secrity," Journal of Computer Information Systems, 34:3, 1994, pp. 51-54.
20. Panettieri, J.C. "Security," Information Week, November 27, 1995, pp. 32-40.
21. Parker, D.B. Computer Security Management. Upper Saddle River, NJ: Prentice Hall, 1981.
22. Parker, D.B. Crime by Computer. New York: Chas. Scribners Sons, 1976.
23. Parker, D.B. Fighting Computer Crime. New York: Chas. Scribners and Sons, 1983.
24. Power, R. 1999 CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute, 1999.
25. Power, R. 2000 CWI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute, 2000.
26. Power, R. 2001 CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute, 2001.
27. Power, R. 2002 CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute, 2002.
28. Rapalus, P. "Financial Losses Due to Internet Intrusions Trade Secret Theft and Other Cyber Crimes Soar," On-line. Available: http://www.gocsi.com/prelea_000321.htm.
29. Sanford, C. "Computer Viruses: Symptoms, Remedies, and Preventive Measures," Journal of Computer Information Systems, 22:3, 1993, p. 67.
30. Schwartz, E. Webonomics: Nine Essential Principles for Growing Your Business on the World Wide Web. New York: Broadway Books, 1997, pp. 190-218.
31. Schwartz, K. "Hackers are Ubiquitous, Malicious and Taken Far Too Lightly, Experts Say," Government Computer News, 16:23, 1997, pp. 81-82.
32. Seymour, T.J. and E. Robinson. "International Viruses and the Computer Network," Journal of Computer Information Systems, 35:1, 1995, pp. 23-27.
33. Shipley, G. "How Secure is Your Network?" Network Computing," 2000, p. 58.
34. Steinke, G. "A Task-based Approach to Implementing Computer Security," Journal of Computer Information Systems, 38:1, 1998, pp. 47-54.
35. Straub, D. "Controlling Computer Abuse: An Empirical Study of Effective Security Countermeasures," Proceedings of the International Conference on Information Systems, Pittsburgh, PA, December 6-8, 1987, pp. 277-289.
36. Straub, D. Deterring Computer Abuse: The Effectiveness of Deterrent Countermeasures in the Computer Security Environment, Indiana University Graduate School of Business, Dissertation, Bloomington, IN, 1986.
37. Straub, D. "Effective IS Security: An Empirical Study," Information Systems Research, 1:3, 1990, pp. 255-276.
38. Straub, D.W. and R.J. Welke. "Coping with Systems Risk: Security Planning Models for Management Decision-making," MIS Quarterly, 22:4, 1998, pp. 441-469.
39. Tippett, P. "Calculating Risk," Information Security, 3, March 2001, pp. 36-38.
40. Vatis, M. Computer Security Threat on Rise. On-line. Available: http://www.desai.com/articles/security_threaton_rise.htm.
41. Whitman, M. "Enemy at the Gate: Threats to Information Security," Communications of the ACM, 46:8, 2003, pp. 91-95.