A security risk analysis model for information systems

Lecture Notes in Artificial Intelligence (Subseries of Lecture Notes in Computer Science)

Volumn 3398, Issue , 2005, Pages 505-513

  In, Hoh Peter ^a   Kim, Young Gab ^a   Lee, Taek ^a   Moon, Chang Joo ^a   Jung, Yoonjung ^b   Kim, Injung ^b  

^a Korea University   (South Korea)

^b National Security Research Institute (NSRI)   (South Korea)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SIMULATION; COMPUTER SOFTWARE; DATA PRIVACY; OPTIMIZATION; RISK MANAGEMENT;

SECURITY RISKS; SOFTWARE RISK MANAGEMENT TECHNIQUES;

SECURITY OF DATA;

EID: 26844539351     PISSN: 03029743     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1007/978-3-540-30585-9_56     Document Type: Conference Paper

References (11)

1. GAO, "Information Security Risk Assessment - Practices of Leading Organizations," Case Study 3, GAO/AIMD-00-33, 1999. 11.
2. NIST, "Guide for Selecting Automated Risk Analysis Tools", NIST-SP-500-174, Oct. 1989.
3. FIPS-191, "Specifications for Guideline for The Analysis Local Area Network Security," NIST, Nov. 1994.
4. NIST, "Risk Management Guide for Information Technology Systems," NIST-SP-800-30, 2001.10.
5. FIPS-65, "Guidelines for Automatic Data Processing Risk Analysis, NIST, 1975
6. GAO, Information Security Risk Assessment - Practices of Leading Organizations, Exposure Draft, U.S. General Accounting Office, August 1999.
7. BSI, BS7799 - Code of Practice for Information Security Management, British Standards Institute, 1999.
8. CRAMM, "A Practitioner's View of GRAMM," http://www.gammassl. co.uk/.
9. ISO/IEC JTC 1/SC27, Information technology - Security technique - Guidelines for the management of IT security (GMITS) - Part 3: Techniques for the management of IT security, ISO/IEC JTC1/SC27 N1845, 1997. 12. 1.
10. R.S. Arnold, S. A. Bohner, "Impact Analysis - Towards a Framework for Comparison," Proceedings of Conference on Software Maintenance, IEEE CS Press, Los Alamitos, CA, pp. 292-301 1993.
11. G. Stoneburner, A. Goguen, A. Feringa, "Risk Management Guide for Information Technology Systems," Special Publication 800-30, National Institute of Standards and Technology, October 2001.