Information modeling for automated risk analysis

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4237 LNCS, Issue , 2006, Pages 228-239

  Olivers, Howard ^a  

^a CRANFIELD UNIVERSITY   (United Kingdom)

Author keywords

Communication; Information; Model; Risk; Security; Service oriented; Threat

Indexed keywords

COMPUTATION THEORY; COMPUTER CRIME; INFORMATION ANALYSIS; MATHEMATICAL MODELS; SECURITY OF DATA; COMMUNICATION; INFORMATION THEORY; MOBILE SECURITY; MODELS; RISK ASSESSMENT; RISKS;

FORMAL INFORMATION MODELING; SECURITY REQUIREMENTS; SYSTEMATIC SECURITY; THREAT PATHS; COMMUNICATIONS SECURITY; INFORMATION; INFORMATION MODELLING; SECURITY; SECURITY ENVIRONMENTS; SERVICE ORIENTED; THREAT;

RISK ASSESSMENT; RISK ANALYSIS;

EID: 33845197906     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11909033_21     Document Type: Conference Paper

References (14)

1. Information Security Management Part 2 Specification for information security management systems, British Standards Institution, BS 7799-2:1999.
2. Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology (NIST), SP 800-30. January 2002. http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf (accessed January 2006)
3. Chivers, H. and Fletcher, M., Applying Security Design Analysis to a Service Based System. Software Practice and Experience: Special Issue on Grid Security, 2005. 35(9). 873-897.
4. Chivers, H. and Jacob, J. Specifying Information-Flow Controls, Proceedings of the Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), Columbus, Ohio, USA. IEEE Computer Society, 2005; 114-120.
5. Chivers, H., Security Design Analysis, Thesis at Department of Computer Science, The University of York, York, UK, available on-line at http://www.cs.york.ac.uk/ftpdir/reports/YCST-2006-06.pdf, (accessed July 2006). p. 484. 2006
6. Baskerville, R., Information Systems Security Design Methods: Implications for Information Systems Development. ACM Computing Surveys, 1993.25(4). 375-414.
7. CRAMM Risk Assessment Tool Overview, Insight Consulting Limited, available at http://www.cramm.com/riskassesment.htm (accessed May 2005)
8. Dimitrakos, T., Raptis, D., Ritchie, B., and Stølen, K. Model-Based Security Risk Analysis for Web Applications: The CORAS approach, Proceedings of the EuroWeb 2002, St Anne's College, Oxford, UK. (Electronic Workshops in Computing). British Computer Society, available on-line at http://ewic.bcs.org/conferences/2002/euroweb/index.htm (accessed January 2006), 2002.
9. Swiderski, F. and Snyder, W., Threat Modelling. Microsoft Professional. 2004: Microsoft Press.
10. Jürjens, J. Towards Development of Secure Systems Using UMLsec, Proceedings of the Fundamental Approaches to Software Engineering : 4th International Conference, FASE 2001 : Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2001, Genova, Italy. (Lecture Notes in Computer Science vol 2029). Springer-Verlag, 2001.
11. Kalloniatis, C. Security Requirements Engineering for e-Govemment Applications: Analysis of Current Frameworks, Proceedings of the Electronic Government: Third International Conference, EGOV 2004, Zaragoza, Spain. (Lecture Notes in Computer Science vol 3183 / 2004), Springer-Verlag, 2004; 66-71.
12. Schaefer, M. Symbol Security Condition Considered Harmful, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA. IEEE Computer Society, 1989; 20-46.
13. Mayfield, T., Roskos, J. E., Welke, S. R., and Boone, J. M., Integrity in Automated Information Systems, National Computer Security Center (NCSC), Technical Report 79-91. http://www.radium.ncsc.mil/tpep/library/rainbow/C-TR-79- 91.txt (accessed January 2006)
14. Jacob, J. L. On The Derivation of Secure Components, Proceedings of the 1989 IEEE Symposium on Security and Privacy. IEEE Computer Society, 1989; 242-247.