Using case-based reasoning for the design of controls for internet-based information systems

Expert Systems with Applications

Volumn 36, Issue 3 PART 1, 2009, Pages 5582-5591

  Lee, Sangjae ^a   Kim, Kyoung jae ^b  

^a Sejong University   (South Korea)

^b Dongguk University   (South Korea)

Author keywords

Case based reasoning (CBR); Controls; Internet based information systems (IIS); Recommendation of controls; Security

Indexed keywords

CONTROL ENGINEERING; DISCRIMINANT ANALYSIS; INFORMATION SYSTEMS; INFORMATION USE; MULTIVARIANT ANALYSIS;

CASE-BASED REASONER; CASEBASED REASONINGS (CBR); INTERNAL CONTROLS; INTERNET BASED; MULTIVARIATE DISCRIMINANT ANALYSIS; PREDICTIVE ACCURACY; SECURITY; SYSTEM ENVIRONMENT;

CASE BASED REASONING;

EID: 58349117665     PISSN: 09574174     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.eswa.2008.06.081     Document Type: Article

References (43)

1. Althoff, K. D., Auriol, E., Bergmann, R., Breen, S., Dittrich, S., & Johnston, R., et al. (1995). Case-based reasoning for decision support and diagnostic problem solving: The INRECA approach. In B. Bartsch-Sp rl, D. Janetzko & S. Wess (Eds.), Proceedings of the 3rd German workshop on CBR, LSA-Report 95-02, Centre for Learning and Applications, University of Kaiserlautern (pp. 63-72).
2. Chan, S., Govindan, M., Picard, J. Y., Leschiutta, E. (1993). EDI for Managers and Auditors, Electronic Data Interchange Council of Canada.
3. Chang P.C., Lai C.Y., and Lai K.R. A hybrid system by evolving case-based reasoning with genetic algorithm in wholesaler's returning book forecasting. Decision Support Systems 42 3 (2006) 1715-1729
4. Choudhury V., and Sabherwal R. Portfolios of control in outsourced software development projects. Information Systems Research 14 3 (2003) 291-314
5. Chung W., Chen H., Chang W., and Chou S. Fighting cybercrime: A review and the Taiwan experience. Decision Support Systems 41 3 (2006) 669-682
6. Computer Security Institute (2006). CSI/FBI computer crime and security survey.
7. Cronbach L.J. Coefficient alpha and the internal structure of tests. Psychometrica 16 3 (1951) 297-334 (September)
8. de Vel O., Anderson A., Corney M., and Mohay G. Mining e-mail content for author identification forensics. SIGMOD Record 30 4 (2001) 55-64
9. Denna E.L., Hansen J.V., Meservy R.D., and Wood L.E. Case-based reasoning and risk assessment in audit judgment. Intelligent Systems in Accounting, Finance and Management 1 3 (1992) 163-171
10. Dhillon G., and Backhouse J. Risks in the use of information technology within organizations. International Journal of Information Management 16 1 (1996) 65-74
11. Ezingeard J.N., McFadzean E., and Birchall D. A model of information assurance benefits. Information Systems Management Spring (2005) 20-29
12. Garfield M.J., and McKeown P.G. Planning for Internet security. Information Systems Management Winter (1997) 41-46
13. Gupta M., Rees J., Chaturvedi A., and Chi J. Matching information security vulnerabilities to organizational security profiles: A genetic algorithm approach. Decision Support Systems 41 (2006) 592-603
14. Hansen J.V., Meservy R.D., and Wood L.E. Case-based reasoning: Application techniques for decision support. International Journal of Intelligent Systems in Accounting, Finance and Management 4 (1995) 137-146
15. Hansen J.V., Lowry P.B., Meservy R.D., and McDonald D.M. Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection. Decision Support Systems 43 (2007) 1362-1374
16. ISACF (Information Systems Audit and Control Foundation) (1992). Control objectives, controls in an information systems environments: Controls guidelines and audit procedures (4th ed.). Rolling Meadows, IL, USA.
17. Jamieson R. EDI: An audit approach (1994), The EDP Auditors Foundation, Inc.
18. Jaworski J.B., Stathakopoulos V., and Krishnan H.S. Control combinations in marketing: Conceptual framework and empirical evidence. Journal of Marketing 57 January (1993) 57-69
19. Kirsch L.J. Deploying common systems globally: The dynamics of control. Information Systems Research 15 4 (2004) 374-395
20. Kolodner J.L. Improving human decision making through case-based decision aiding. AI Magazine 12 2 (1991) 52-68
21. Kolodner J.L. Case-based reasoning (1993), Morgan Kaufmann, San Mateo, CA
22. Lee S., and Han I. The design of EDI controls using case-based reasoning: EDICBR. International Journal of Intelligent Systems in Accounting, Finance, and Management 7 3 (1998) 135-152
23. Lee S., and Han I. The impact of organizational contexts on EDI controls. International Journal of Accounting Information Systems 1 (2000) 153-177
24. Lee S.M., Lee S.G., and Yoo S. An integrative model of computer abuse based on social control and general deterrence theories. Information & Management 41 (2004) 707-718
25. Lee, W., & Stolfo, S. J. (2000). Data mining approaches for intrusion detection. In Proceedings of the 7th USENIX security symposium, advanced computing systems association (pp. 66-72).
26. Moeller R.R. Computer audit, control, and security (1989), John Wiley & Sons, Inc.
27. Morris B.W. SCAN: A case-based reasoning model for generating information system control recommendation. International Journal of Intelligent Systems in Accounting, Finance and Management 3 1 (1994) 47-63
28. Mott S. Case-based reasoning: Market applications and fit with other technologies. Expert Systems With Applications 6 1 (1993) 97-104
29. Murphy M.A., and Parker X.L. Handbook of EDP auditing (1989), Warren, Gorham & Lamont, Inc., Boston, MA
30. Nidumolu S.R., and Subramni M.R. The matrix of control: Combining process and structure approaches to managing software development. Journal of Management Information Systems 20 3 (2003) 159-196
31. Nunnally J.C. Psychometric theory (1978), McGraw-Hill, New York
32. O'Leary D.E. Case-based reasoning and multiple-agent systems for accounting regulation systems with extensions. International Journal of Intelligent Systems in Accounting, Finance and Management 1 1 (1992) 41-52
33. Piccoli G., and Ives B. Trust and the unintended effects of behavior control in virtual teams. MIS Quarterly 27 3 (2003) 365-395
34. Riesbeck C.K., and Schank R.C. Inside case-based reasoning (1989), Lawrence Erlbaum, Hillside, NJ
35. Schultz M.G., Eskin E., Zadok E., and Stolfo S.J. Data mining methods for detection of new malicious executables. IEEE symposium on security and privacy (2001), IEEE Computer Society Press, Oakland CA, USA pp. 38-49
36. Senator T., Goldberg H., Wooton J., Cottini A., Umar A., Klinger C., et al. The FinCEN artificial intelligence system: Identifying potential money laundering from reports of large cash transactions. Proceedings of the 7th conference on innovative applications of AI (1995), AAAI, Menlo Park, CA
37. Sipior J.C., Ward B.T., and Roselli G.R. The ethical and legal concerns of spyware. Information Systems Management Spring (2005) 39-49
38. Spertus E. Smokey: Automatic recognition of hostile messages. Proceedings of Innovative Applications of Artificial Intelligence, Providence, Rhode Island (1997) 1058-1065
39. Stewart K.A., and Segars A.H. An empirical examination of the concern for information privacy instrument. Information Systems Research 13 1 (2002) 36-49
40. Suh B., and Han I. The impact of customer trust and perception of security control on the acceptance of electronic commerce. International Journal of Electronic Commerce 7 3 (2003) 135-161
41. Wang H., and Wang C. Taxonomy of security considerations and software quality. Communications of the ACM 46 6 (2003) 75-78
42. Weber R. Information systems control and audit (1999), Prentice Hall Inc., Upper Saddle River, NJ
43. Whitman M.E. In defense of the realm: Understanding the threats to information security. International Journal of Information Management 24 4 (2004) 3-57