Mission Oriented risk and Design Analysis of critical information systems

Military Operations Research

Volumn 10, Issue 2, 2005, Pages 19-38

  Buckshaw, Donald L ^a   Parnell, Gregory S ^b   Unkenholz, Willard L ^c   Parks, Donald L ^c   Wallner, James M ^d   Saydjari, O Sami ^d  

^a Innovative Decisions Inc

^b UNITED STATES MILITARY ACADEMY   (United States)

^c Department of Defense ^*

^d Cyber Defense Agency

Author keywords

[No Author keywords available]

Indexed keywords

EID: 33144462443     PISSN: 02755823     EISSN: None     Source Type: Journal    
DOI: 10.5711/morj.10.2.19     Document Type: Review

References (32)

1. Amoroso, E., 1994, Fundamentals of Computer Security Technology, Englewood Cliffs, New Jersey: Prentice-Hall.
2. Beauregard, J. E., Deckro, D. F., and Chambal, S. P., 2002, Modeling Information Assurance: An Application, Military Operations Research, 7 (4) 35-55.
3. Buckshaw, D., Buede, D., and Parnell, G., 2004, "An Analysis of Methodologies to Create a Multiple Adversary Risk Model for Information Assurance." Unpublished white paper.
4. Buckshaw, D., Parnell, G., Smith, G., Unkenholz, W. L., and Parks, D. L., "Comparison of Aggregation Techniques for Mission Oriented Risk and Design Analysis (MORDA) Attack Values," Innovative Decisions, Inc, Technical Report 2004-04, September, 2004.
5. Buede, D. M., 2000, The Engineering Design of Systems: Methods and Models, New York: Wiley.
6. th International Conference of Software Engineering, Orlando, Florida.
7. Cohen, F., 1997, "Information System Attacks: A Preliminary Classification Scheme," Computer & Security, Vol. 16, No. 1, 1997, pp. 29-46.
8. Design Analysis Working Group (DAWG), National Security Agency, 2004, "A Comparison of Risk Assessment Methodologies," unpublished white paper.
9. Decision Programming Language Fault Tree Version (DPLf) User Manual, 1998, Version 4.0.
10. Department of Defense, 1998, Joint Chiefs of Staff, Joint Publication 3-13, Joint doctrine for Information Operations, Washington: Pentagon.
11. Hamill, T. J., 2000, Modeling Information Assurance: A Value Focused Thinking Approach, MS Thesis, AFIT/GOR/ENS/00M-15, Air Force Institute of Technology, Wright-Patterson AFB, Ohio.
12. Hamill, T. J., Deckro, R. F., Kloeber, J. M., Kelso, T. S., 2002, "Risk Management and the Value of Information in A Defense Computer System," Military Operations Research, 7 (2) 61-82.
13. Information Assurance Technical Framework (ITAF) Release 3.1, September 2002, National Security Agency, Ft Meade, Maryland.
14. Keeney, R. L., 1992, Value-Focused Thinking: A Path to Creative Decisionmaking. Cambridge, Massachusetts: Harvard University Press.
15. Keeney, R. L., and Raiffa, H., 1976, Decision Making with Multiple Objectives: Preferences and Value Tradeoffs, New York: Wiley.
16. Kirkwood, C. W., 1997, Strategic Decision Making: Multiobjective Decision Analysis with Spreadsheets, Belmont, California: Duxbury Press.
17. Kuskey, K., 2000, Balance-Beam Scoring versus the Expert Choice Ratings Method: A Case Study, unpublished manuscript.
18. Lund, L., Unkenholz, W., Parks, D., Bowers, C., Brill, H., and Garner, B., 1996, "O'er the RAMparts We Watch: An Introduction to the Risk Analysis Model (RAM)," National Security Agency.
19. Maconachy, W. V., Schou, C. D., Ragsdale, D., and Welch, D., June 2001, "A Model for Information Assurance: An Integrated Approach," Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, New York.
20. McClure, S. 2003. Hacking Exposed: Network Security Secrets and Solutions, New York, McGraw Hill.
21. th National Computer Security Conference. National Institute of Standards and Technology, Baltimore, MD.
22. Moore, A. P., Ellison, R. J., and Linger, R. C., March 2001, Attack Modeling for Information Security and Survivability (CMU/SEI-2001-TN-001), Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University.
23. National Security Agency Information Assurance Solutions Technical Directors, 2002, Information Assurance Technical Framework 3.1.
24. Parnell, G., 2005, Draft Chapter 20-Value-Focused Thinking with Multiple Objective Decision Analysis, Methods for Conducting Military Operational Analysis: Best Practices in Use Throughout the Department of Defense, Military Operations Resarch Society, Forthcoming.
25. Salter, C., Saydjari, O., Schneier, B., and Wallner, J., September 1998, "Toward a Secure System Engineering Methodology," New Security Paradigms Workshop. Technical Report, Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419.
26. Schneier, B., December 1999, "Attack Trees: Modeling Security Threats," Dr. Dobbs Journal of Software Tools 24, 12, 21-29.
27. Schneier, B., 2000, Secrets & Lies: Digital Security in a Networked World, New York: Wiley & Sons.
28. Soo Hoo, K. J., June 2000, "How Much Is Enough? A Risk-Management Approach to Computer Security." Report of the Consortium for Research on Information Security and Policy, Center for International Security and Cooperation, Stanford University, California.
29. Stoneburner, G., Goguen, A. and Feringa, A., 2001. Risk Management Guide for Information Systems, Washington D.C.: National Institute for Standards and Technology.
30. Snyder, F. J., Parnell, G. S., & Klimack, W. K., "Modeling the Cost Objective in Multiple Objective Decision Analysis," United States Military Academy at West Point, November 2002.
31. Unkenholz, Willard, 1989, Vulnerability Tree Analysis Methodology, Unpublished Manuscript.
32. Watson, S. R. and Buede, D. M., 1987, Decision Synthesis: The Principles and Practice of Decision Analysis, Cambridge, England: Cambridge University Press.