A novel security risk evaluation for information systems

Proceedings - 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, FCST 2007

Volumn , Issue , 2007, Pages 67-73

  Gan, Zaobin ^a   Tang, Jiufei ^a   Wu, Ping ^a   Varadharajan, Vijay ^b  

^a HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY   (China)

^b MACQUARIE UNIVERSITY   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SCIENCE; INFORMATION SCIENCE; INFORMATION SYSTEMS;

AUTOMATIC EVALUATION; EVALUATION METHODS; LEAF NODE; MULTI ATTRIBUTE UTILITY THEORY (MAUT); NOVEL METHODS; QUANTITATIVE RISK; RISK VALUES; SECURITY RISKS;

COMPUTERS;

EID: 47349092109     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/FCST.2007.9     Document Type: Conference Paper

References (20)

1. F. Harmantzis, M. Malek. Security risk analysis and evaluation. In: proceedings of the IEEE International Conference on Communications, 20-24 June 2004, IEEE Computer Society Press, Vol. 4:1897-1901
2. K. Soo Hoo. How much is enough? A risk management approach to computer security, working paper. http://cisac.stanford.edu/docs/
3. B. Schneier. Attack trees: Modeling security threats. DrDobbs Journal, Dec., 1999
4. Jerald Dawkins, John Hale. A Systematic Approach to Multi-Stage Network Attack Analysis. In: Proceedings of the Second IEEE International Information Assurance Workshop (IWIA04), 8-8 April 2004 IEEE Computer Society Press: 48 C 56
5. Shelby Evans, James Waller. Risk-based Security Engineering through the Eyes of the Adversary. In: Proceedings of the sixth IEEE Systems, Man and Cybernetics Information Assurance Workshop. 15-17 June 2005. West Point, NewYork. IEEE Computer Society Press, 2005: 158- 165
6. Buckshaw, et al. Mission Oriented Risk and Design Analysis for Critical Information Systems, Innovative Decisions, Inc, Technical Report 2004-02, September, 2004.
7. ISO. ISO/IEC 17799: Information Technology - Security Techniques - Code of Practice for Information Security Management, 2005
8. Gary Stoneburner, Alice Goguen, andAlexis Feringa. Risk Management Guide for Information Technology Systems. NIST Special Publication 800-30. July 2002
9. BSI. BS7799 C Code of Practice for Information Security Management, British Standards Institute, 1999
10. SSE-CMM Model Description Document Version 3.0. Carnegie Mellon University. June 15, 2003
11. Microsoft Corporation. The Microsoft Security Risk Management Guide v 1.1. October 25, 2004
12. CRAMMV5C http://www.cramm.com/
13. COBRA C http://www.riskworld.net/
14. RiskWatch Chttp://www.riskwatch.com/
15. Callio Secura C http://www.callio.com/
16. Proteus Professional: http://www.patronglobal.com/
17. InfoGuard AG. Information Security Management System and Risk Analysis / Risk Management ToolsSoftware Evaluation Report. 01.03.2004.
18. Mehmet Sahinoglu. Security Meter: A Practical Decision-Tree Model to Quantify Risk. IEEE Security & Privacy, pp. 14-24, May/June 2005 Vol. 32, no. 8/9, pp. 365-376, 2004
19. Stuart E. Schechter. Toward Econometric Models of the Security Risk from Remote Attacks. IEEE Security & Privacy, January/February 2005: 40 - 44
20. Hong Xu, J.B. Dugan. Combining Dynamic Fault Trees and Event Trees for Probabilistic Risk Assessment. In: Proceedings of the 2004 Annual Symposium Reliability and Maintainability. 2004: 214-219