Computer and network security risk management: Theory, challenges, and countermeasures

International Journal of Communication Systems

Volumn 18, Issue 8, 2005, Pages 763-793

  Hamdi, Mohamed ^a,c,d   Boudriga, Noureddine ^a,b  

^a UNIVERSITY OF CARTHAGE   (Tunisia)

^b UNIVERSITY OF CARTHAGE   (Tunisia)

^c Tunisian Digital Certification Agency   (Tunisia)

^d Risk Analysis Unit   (Tunisia)

Author keywords

Risk analysis; Risk management; Security countermeasures

Indexed keywords

INFORMATION SYSTEMS; INFRASTRUCTURES; RISK ANALYSIS; SECURITY COUNTERMEASURES;

COMPUTER ARCHITECTURE; INFORMATION SCIENCE; MATHEMATICAL MODELS; RISK MANAGEMENT; SECURITY OF DATA; TELECOMMUNICATION NETWORKS;

COMPUTER NETWORKS;

EID: 26644436729     PISSN: 10745351     EISSN: None     Source Type: Journal    
DOI: 10.1002/dac.729     Document Type: Article

References (25)

1. Gordon LA, Loeb MP, Lucyshyn W, Richardson R. 2004 CSI/FBI Computer Crime and Security Survey. Computer Security Institute/Federal Bureau of Investigation (CSI/FBI), available at: http://www.gocsi.com/awareness/fbi.jhtml
2. Campbell RP. A modular approach to computer security risk management. Proceedings of the AFIPS Conference, vol. 48. 1979; 293-304.
3. Summers R. Secure Computing. McGraw-Hill: New York, 1997.
4. Alberts CJ, Dorofee AJ. Managing Information Security Risks: the OCTAVE Approach. Addison Wesley Professional: Reading, MA, July 2002, ISBN: 0321118863.
5. Stolen K, den Braber F, Dimitrakos T, Fredriksen R, Gran BA, Houmb S-H, Stamatiou YC, Aagedal JO. Model-based risk assessment in a component-based software engineering process: the CORAS approach to identify security risks. In Business Component-Based Software Engineering. Franck Barbier (ed.). Kluwer Academic Publishers: Dordrecht, 2003; 189-207.
6. Hamdi M, Boudriga N, Kriche J, Tounsi M. NetRAM: a novel method for network security risk management. Nordic Workshop on Secure IT Systems (NordSec), Gjovik, Norway, 2003.
7. Ozier W. Risk analysis and assessment. Handbook of Information Security, Chapter 15 (4th edn). Auerbach Publications, October 1999; 247-285, ISBN: 0849398290.
8. Krsul I, Spafford E, Tripunitara M. Computer Vulnerability Analysis. Purdue University, COAST TR 98-07, 1998.
9. Bishop M, Dilger M. Checking for race conditions in file accesses. The Usenix Association, Computing Systems, Spring 1996; 131-152.
10. Viega J, Mutdosch T, McGraw G. Statically scanning Java code: finding security vulnerabilities. IEEE Software 2000; 17(5):68-74.
11. Ghosh AK, McGraw GE, Charron FH, Schatz MA. Towards analyzing security-critical software during development. Technical Report RSTR-96-023-01, RST Corporation, December 1996.
12. Schumacher M, Hall C, Hurler M, Buchmann A. Data mining in vulnerability databases, March 2000.
13. Schneier B. Secrets and Lies: Digital Security in a Networked World. Wiley: New York, 2001, ISBN: 0471253111.
14. Tidwell T, Larson R, Fitch K, Hale J. Modeling internet attacks. Proceedings of the IEEE Workshop on Information Assurance and Security, U.S.A., June 2001.
15. Moore AP, Ellison RJ, Linger RC. Attack modeling for information security and survivability. CMU/SEI Technical Report, CMU/SEI-2001-TN-01, March 2001, available at: http://www.sei.cmu.edu/about/website/indexes/siteIndex/ siteIndexTR.html
16. Me Dermott J. Attack net penetration testing. The 2000 New Security Paradigms Workshop, Ballycotton, Country Cork, Ireland, September 2000.
17. Steffan J, Schumacher M. Collaborative attack modeling. Proceedings of the 2002 ACM Symposium on Applied Computing, Madrid, Spain, 2002; 253-259, ISBN:1-58113-445-2.
18. Braynov S, Jadiwala M. Representation and analysis of coordinated attacks. Workshop on Formal Methods in Security Engineering, ACM CCS, Washington, DC, U.S.A., October 2003.
19. Peltier TR. Information Security Risk Analysis. Auerbach Editions, Philadelphia, PA, 2001, ISBN: 0-8493-0880-1.
20. Fessi BA, Hamdi M, Benabdallah S, Boudriga N. A decisional framework system for computer network intrusion detection. Conference on Multi-Objective Programming and Goal Programming, Hammamet, Tunisia, 2004.
21. Lee W, Miller M, Stolfo S, Jallad K, Park C, Zadok E, Prabhakar V. Toward cost-sensitive modeling for intrusion detection. Journal of Computer Security 2002; 10(1-2):5-22, ISSN: 0926-227X.
22. Wei H, Frinke D, Carter O, Ritter C. Cost benefit analysis for network intrusion detection systems. CSI 28th Annual Computer Security Conference, Washington, DC, October 2001.
23. Hamdi M, Boudriga N. Algebraic specification of network security risk management. First ACM Workshop on Formal Methods in Security Engineering, Washington, DC, 2003.
24. Stoneburner G, Goguen A, Feringa A. Risk Management Guide for Information Technology Systems. National Institute of Standards and Technology, Special Publication 800-30, 2001.
25. Hamdi M, Boudriga N. An abstract reduction model for computer security risk. IFIP World Computer Congress, WCC-SEC, Toulouse, France, 2004.