Security analysis of Internet technology components enabling globally distributed workplaces - A framework

ACM Transactions on Internet Technology

Volumn 8, Issue 4, 2008, Pages

  Gupta, Manish ^a   Banerjee, Shamik ^b,e   Agrawal, Manish ^c   Rao, H Raghav ^d,f  

^a M and T Bank   (United States)

^b Conagra Foods Inc ^*  (Canada)

^c UNIVERSITY OF SOUTH FLORIDA   (United States)

^d UNIVERSITY AT BUFFALO   (United States)

^e Conagra Foods Incorporated ^*  (United States)

^f State University of New York   (United States)

Author keywords

Globally distributed workforce; Internet applications; Risk management; Security analysis

Indexed keywords

GLOBALLY DISTRIBUTED WORKFORCE; INTERNET APPLICATIONS; RISK MANAGEMENT; SECURITY ANALYSIS;

INDUSTRIAL ENGINEERING; INTERNET; SENSITIVITY ANALYSIS; SOCIETIES AND INSTITUTIONS; THREE DIMENSIONAL;

ARSENIC;

EID: 53949123562     PISSN: 15335399     EISSN: 15576051     Source Type: Journal    
DOI: 10.1145/1391949.1391951     Document Type: Article

References (43)

1. AGRAWAL, M., KUO, C.-J., NAM, K., AND RAO, H. R. 2003. Electronic commerce infrastructure. Encyclopedia of Information Systems, H. Bidgoli, ed. Academic Press, 29-46.
2. AHITUV, N. 1980. A systematic approach toward assessing the value of an information system. MIS Q. 4, 61-75.
3. ALBERTS, C. AND DOROFEE, A. 2002. Managing Information Security Risks, The OCTAVE Approach. Addison Wesley Longman.
4. AXELROD, W. 2007. Analyzing risks to determine a new return on security investment. Managing Information Assurance in Financial Services, H.R. Rao et al. eds., Idea Group, Hershey, PA, 6-36.
5. BASS, L., CLEMENTS, P., AND KAZMAN, R. 2003. Software Architecture in Practice. Addison Wesley Longman.
6. BROADBENT, M., WEILL, P., AND CLAIR, D. S. 1999. The implications of information technology infrastructure for business process redesign. MIS Q. 23, 159-182.
7. AMPBELL, H. 1998. Risk assessment: Subjective or objective? Eng. Sei. Edu. J. 7, 57-63.
8. EPARTMENT OF DEFENSE. 1984. Procedures for performing failure mode effects and criticality analysis, http://www.fmeainfocentre.com/ handbooks/milstd1629.pdf.
9. EPARTMENT OF HOMELAND SECURITY. 2006. Homeland Security Advisory System.
10. EARL, M. J. 2002. The risks of outsourcing IT. Sloan Manag. Rev. 37, 26-32.
11. EKANAYAKA, Y., CURRIE, W., AND SELTSIKAS, P. 2002. Delivering enterprise resource planning systems through ASPs. J. Logistics Inf. Manag. 15, 192-203.
12. ELKY, S. 2006. An introduction to information system risk management. SANS Institute, 16.
13. EMMERICH, W 2002. Distributed component technologies and their software engineering implications. In Proceedings of the International Conference on Software Engineering, Orlando, FL, ACM, 537-546.
14. FELLER, W. 1950. An Introduction to Probability Theory and its Applications. John Wiley and Sons, New York.
15. FELTEN, E. W., BALFANZ, D., DEAN, D., AND WALLACH, D. S. 1997. Web spoofing: An Internet con game. In Proceedings of the 20th National Information Systems Security Conference, Baltimore, MD.
16. FREEMAN, J. W., DARR, T. C., AND NEELY, R. B. 1997. Risk assessment for large heterogeneous systems. In Proceedings of the Computer Security Applications Conference, 44-53.
17. GOKHALE, S. AND TRIVEDI, K. S. 2002. Reliability prediction and sensitivity analysis based on software architecture. In Proceedings of the International Symposium on Software Reliability Engineering (ISSRE'02), Annapolis, MD.
18. GOSEVA-POPSTOJANOVA, K., MATHUR, A. P., AND TRIVEDI, K. S. 2001. Comparison of architecture-based software reliability models. In Proceedings of the 12th IEEE International Symposium on Software Reliability Engineering (ISSRE'01), Hong Kong.
19. GOSEVA-POPSTOJANOVA, K. AND TRIVEDI, K. S. 2001. Architecture based approach to reliability assessment of software systems. Perform. Eval. 45.
20. GUPTA, M., RAO, H. R., AND UPADHYAYA, S. 2004. Electronic banking and information assurance issues: Survey and synthesis. J. Organiz. End User Comput. 16, 1-21.
21. HAGEL III, J. AND BROWN, J. S. 2001. Your next IT strategy. Harvard Bus. Rev., 105-113.
22. M, G. P. AND BASKERVILLE, R. L. 2005. A longitudinal study of information system threat categories: The enduring problem of human error. ACM SIGMIS Database 36, 68-79.
23. NTERNATIONAL SECURITY TECHNOLOGY (IST INC) 2000. Managing risks using CORA.
24. JARVENPAA, S. AND LEIDNER, D. Communication and trust in global virtual teams. Organiz. Sci. 10, 791-815.
25. KARABACAK, B. AND SOGUKPINAR, I. ISRAM: Information security risk analysis method. Comput. Secur. 24, 147-159.
26. KUMAMOTO, H. AND HENLEY, E., 1996. Probabilistic Risk Assessment for Engineers and Scientists. IEEE.
27. KUZMANOVIC, A., DUMITRIU, D., KNIGHTLY, E., STOICA, I., AND ZWAENEPOEL, W. 2005. Denial-of-service resilience in peer-to-peer file sharing systems. In Proceedings of the ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems.
28. AO, G. AND WANG, L. 2007. Security risk management strategy of financial services institutions. Managing Information Assurance in Financial Services, In H. R. Rao et al. eds. Idea Group, Hershey, PA.
29. ARKOWITZ, H. M. 1991. Portfolio Selection: Efficient Diversification of Investments. Blackwell.
30. CILROY, M. D. 1968. Mass-Produced software components. In Proceedings of the North Atlantic Treaty Organisation (NATO) Conference on Software Engineering, Garmisch-Partenkirchen, NATO Science Commitee, 138-150.
31. ICROSOFT. 2006. Security Risk Management Guide. Microsoft, Redmond, WA.
32. NEUMANN, P. G. 1995. Computer-Related Risks. ACM, New York.
33. PAWLOWSKI, S., ROBEY, D., AND RAVEN, A. 2000. Supporting shared information systems: Boundary objects, communities, and brokering. In Proceedings of the 21st International Conference on Information Systems (ICIS), Brisbane, Australia, 329-338.
34. SAHAJPAL, G., AGRAWAL, M., KISHORE, R., AND RAO, H. R. 2006. Business process offshoring to India: An overview. Outsourcing, In A. Heinzl et al. eds.
35. SESHASAI, S., MALTER, A. J., AND GUPTA, A. 2006. The use of information systems in collocated and distributed teams: A test of the 24-hour knowledge factory. In Proceedings of the SSRN eLibrary, SSRN.
36. SHARMA, V. S. AND TRIVEDI, K. S. 2005. Architecture based analysis of performance, reliability and security of software systems, In Proceedings of the 5th ACM International Workshop on Software and Performance (WOSP), Palma de Mallorca, Spain.
37. SHAW, M. AND GARLAN, D. 1996. Software Architecture: Perspectives on an Emerging Discipline. Prentice-Hall, Upper Saddle River, NJ.
38. SITKLN, S. B. AND PABLO, A. L. Reconceptualizing the determinants of risk behavior. Academ. Manag. Rev. 17, 9-38.
39. STOLEN, K., BRABER, D., F, L., AND AAGEDAL, J. 2002. Model-Based risk assessment-The CORAS approach.
40. STONEBURNER, G., GOGUEN, A., AND FERINGA, A. 2002. Risk management guide for information technology systems, National Institute for Standards and Technology, Gaithersburg, MD, 55.
41. TANNA, G., GUPTA, M., RAO, H. R., AND UPADHYAYA, S. 2005. Information assurance metric development framework for electronic bill presentment and payment systems using transaction and workflow analysis. Decision Support Syst. 41, 242-261.
42. TYGAR, J. D. AND WHITTEN, A. 1996. WWW electronic commerce and Java trojan horses. In Proceedings of the Second USENLX Workshop on Electronic Commerce.
43. WEIDENHAUPT, K., POHL, K., JARKE, M., AND HAUMER, P. 1998. Scenarios in system development: Current practice. IEEE Softw. 34-45.