A management perspective on risk of security threats to information systems

Information Technology and Management

Volumn 6, Issue 2-3, 2005, Pages 203-225

  Farahmand, Fariborz ^a   Navathe, Shamkant B ^a   Sharp, Gunter P ^b   Enslow, Philip H ^a  

^a Georgia Institute of Technology   (United States)

^b Georgia Institute of Technology   (United States)

Author keywords

Business; Cost; Information system; Management; Security; Threat

Indexed keywords

EID: 19544371722     PISSN: 1385951X     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10799-005-5880-5     Document Type: Article

References (36)

1. British Security Standard, BS 7799 (British Standards, 1999).
2. V. Ahuja, Building trust in electronic commerce, IT Professional 2(3) (2000) 61-63
3. T. Bui and T.R. Sivasankaran, Cost-effectiveness modeling for a decision support system in computer security, Computers and Security 6 (1987) 139-151.
4. R.P. Campbell and G.A. Sands, A Modular Approach to Computer Security Risk Management, in: AFIPS National Computer Conference (1979) 293-303.
5. Cohen (1997) http://citeseer.nj.nec.com/lee00toward.html
6. R. Elmasri and S.B. Navathe, Fundamentals of Database Systems, ed. 4 (Addison Wesley, 2004).
7. G. Eschellbeck, Active Security A Proactive Approach for Computer Security Systems, Journal of Network and Computer Applications 23(2000) 109-130.
8. F. Farahmand, S.B. Navathe and P.H. Enslow, Electronic commerce and security - A management perspective, in: ISS/INFORMS Seventh Annual Conference on Information Systems and Technology (San Jose, 2002).
9. F. Farahmand, S.B. Navathe, Gunter P. Sharp and P.H. Enslow, Managing Vulnerabilities of Information Systems to Security Incidents, in: ACM International Conference on Electronic Commerce, ICEC 2003 (Pittsburgh, Sept. 2003) 348-354.
10. F. Farahmand, W.J. Malik, S.B. Navathe and P.H. Enslow, Security Tailored to the Needs of Business, in: ACM Workshop on Business Driven Security Engineering (BIZSEC) (2003).
11. D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn and R. Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC) 4(3) (2001) 224-274.
12. R.L. Field, Issues in the Law of Electronic Commerce, Networker (ACM Press) 1(3) (1997) 28-37.
13. A.K. Ghosh and T.M. Swaminatha, Software security and privacy risks in mobile e-commerce, Communications of the ACM 44(2) (2001) 51-57.
14. R. Henning, Security Service Level Agreements: Quantifiable Security for the Enterprise? in: ACM Proceedings of the 1999 Workshop on New Security Paradigm (Sept. 1999) 54-60.
15. ISO, Information Processing Systems-Open Systems Interconnection-Basic Reference Model, Part 2: Security Architecture, ISO 7498-2 (1989).
16. J. Joshi et al., Security Models for Web-Based Applications, Communications of the ACM 44(2) (2001) 38-44.
17. C.E. Landwehr et al., A Taxonomy of Computer Program Security Flaws, with Examples, Naval Research Laboratory (Nov. 1993).
18. C.E. Landwehr and D.M. Goldschlag, Security Issues in Networks with Internet Access, in: Proceedings of the IEEE 85(12) (1997) 2034 2034-2051 10.1109/5.650183
19. S. Lichtenstein, Internet Risks for Computers, Computers & Security 17 (1998) 143-150.
20. U. Lindqvist and E. Jonsson, How to systematically classify computer security intrusions, IEEE Symposium on Security and Privacy (1997) 154-163.
21. N. Linketscher and M. Child, Trust issues and user reactions to e-services and e-marketplaces: A customer survey, IEEE 12th International Workshop on Database and Expert Systems Applications (2001) 752-756.
22. R. Lipmann, et al., The 1999 DARPA off-line Intrusion Detection Evaluation, Computer Networks 34 (2000) 579-595. 10.1016/ S1389-1286(00)00139-0
23. D.W. Manchala, E-commerce trust metrics and models, IEEE Internet Computing 4(2) (2000) 36-44. 10.1109/4236.832944
24. D.H. McKnight, C. Choudhury and C. Kacmar, Developing and Validating Trust Measures for e-Commerce: An Integrative Typology, Information Systems Research 13(3) (2002) 334-359. 10.1287/isre.13.3.334.81
25. P.G. Neumann and D.B. Parker, A Summary of Computer Misuse Techniques, in: Proceedings of the 12th National Computer Security Conference (Oct. 1989) 396-407. National Institute of Standards and Technology/National Computer Security Center.
26. National Bureau of Standards (NBS), Data Encryption Standards (FIPS Publ. 46, Jan 1977).
27. E. Orlandi, The Cost of Security, in: IEEE International Carnahan Conference on Security Technology (1991) 192-196.
28. E. Pate-Cornell and S. Guikema, Probabilistic Modeling of Terrorist Attacks: A System Analysis Approach to Setting Priorities Among Countermeasures, Military Operation Research (Oct. 2002).
29. C.P. Pfleeger, Security in Computing (Prentice Hall, 1997).
30. R. Power, Computer Security Issues & Trends, 2002 CSI/FBI Computer Crime and Security Survey VIII(1) (2002).
31. R.L. Rivest, A. Shamir and L.M. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, CACM 21(2) (1978) 120-126.
32. H.J. Schummacher and S. Ghosh, A fundamental framework for network security, Journal of Network and Computer Applications (1997) 305-322.
33. G. Stonebumer, A. Goguen and A. Feringa, Risk Management Guide for Information Technology Systems (NIST Special Publications 800-30, 2001).
34. M. Swanson, et al., Security Metrics Guide for Information Technology Systems (NIST Special Publications 800-55, 2002).
35. C.J. Tarr, Cost effective perimeter security, security and detection, European Convention on Security and Detection (1995) 183-187.
36. C.C. Wood, et al., Computer Security: A comprehensive Control Checklist (John Wiley & Sons, 1987).