A mathematical framework for risk assessment

New Technologies, Mobility and Security

Volumn , Issue , 2007, Pages 459-469

  Benini, Marco ^a   Sicari, Sabrina ^a  

^a UNIVERSITY OF INSUBRIA   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

MATHEMATICAL FRAMEWORKS; QUANTITATIVE EVALUATION; RISK ASSESSMENT METHODOLOGIES; SECURE SYSTEM; SUBJECTIVE ASPECTS; SUBJECTIVE JUDGEMENT;

RISK ASSESSMENT;

EID: 50849089642     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1007/978-1-4020-6270-4_38     Document Type: Conference Paper

References (21)

1. Redmill, F.: Risk analysis: A subjective process. Engineering Management Journal 12(2) (April 2002) 91-96
2. Sicari, S., Balzarotti, D., Monga, M.: Assessing the risk of using vulnerable components. In Gollmann, D., Massacci, F., Yautsiukhin, A., eds.: Quality of Protection. Security Measurements and Metrics, New York, NY, USA, Springer-Verlag (June 2006) 65-78
3. Howard, M., Leblanc, D.: Writing Secure Code. Microsoft Press (2003)
4. Moore, A., Ellison, R.: Survivability through intrusion-aware design. Technical Report 2001-TN- 001, CERT Coordination Center (2001)
5. Schneier, B.: Modelling security threats. Dr. Dobb's Journal (December 1999)
6. Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the Octave approach (October 2003)
7. den Braber, F., Dimitrakos, T., Gran, B., Lund, M., Stølen, K., Aagedal, J.: The CORAS methodology: Model-based risk management using UML and UP. In Favre, L., ed.: UML and the Unified Process. IRM Press (2003) 332-357
8. Jenkins, B.: Risk analysis helps establish a good security posture; risk management keeps it that way (1998) White paper.
9. Siu, T.: Risk-eye for the IT security guy (February 2004)
10. Sharp, G., Enslow, P., Navathe, S., Farahmand, F.: Managing vulnerabilities of information system to security incidents. In: ICEC '03: Proceedings of the 5th International Conference on Electronic Commerce, New York, NY, USA, ACM Press (2003) 348-354
11. Baskerville, R.: Information system security design methods: Implications for information systems development. ACM Computing Survey 25(4) (1993) 375-412
12. Evans, S., Heinbuch, D., E.Kyle, Piorkowski, J., J.Wallener: Risk-based system security engineering: Stopping attacks with intention. IEEE Security &Privacy Magazine 2(6) (2004) 59-62
13. Moskowitz, I., Kang, M.: An insecurity flow model. In: NSPW '97: Proceedings of the 1997 Workshop on New Security Paradigms, New York, NY, USA, ACM Press (1997) 61-74
14. Noel, S., Jajoidia, S., O'Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency graphs. In: ACSAC '03: Proceedings of 19th Annual Computer Security Applications Conference, IEEE Computer Society (2003) 86-95
15. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: SP'02: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Washington, DC, USA, IEEE Computer Society (2002) 273-284
16. Benini, M., Sicari, S.: Risk assessment: Intercepting VoIP calls. In: Proceedings of the VIPSI 2007 Venice Conference. (March 2007) To appear.
17. Arshad, S., Shoaib, M., Shah, A.: Web metrics: The way of improvement of quality of non web-based systems. In Arabnia, H.R., Reza, H., eds.: SERP'06: Proceedings of the International Conference on Software Engineering Research and Practice. Volume 2., CSREA Press (2006) 489-495
18. Fenton, N.: Software measurement: A necessary scientific basis. IEEE Transactions on Software Engineering 20(3) (1994) 199-206
19. Fenton, N., Neil, M.: Making decisions: Bayesian nets and mcda. Knowledge-Based Systems 14(7) (November 2001) 307-325
20. Biswas, G., Debelak, K., Kawamura, K.: Application of qualitative modelling to knowledgebased risk assessment studies. In Ali, M., ed.: IEA/AIE'89: Proceedings of the Second International Conference on Industrial and Engineering Applications of Artificial Intelligence and Expert Systems. Volume 1., New York, NY, USA, ACM Press (1989) 92-101
21. Sahinoglu, M.: Security meter: A practical decision-tree model to quantify risk. IEEE Security &Privacy 3(3) (May/June 2005) 18-24