Ontology-based decision support for information security risk management

Proceedings of the 4th International Conference on Systems, ICONS 2009

Volumn , Issue , 2009, Pages 80-85

  Ekelhart, Andreas ^a   Fenz, Stefan ^b   Neubauer, Thomas ^a  

^a Secure Business Austria   (Austria)

^b VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

DECISION MAKERS; DECISION SUPPORTS; E-COMMERCE APPLICATIONS; EBUSINESS; INFORMATION SECURITY; IT SECURITY; MANAGEMENT SOFTWARE; ONTOLOGY-BASED; RISK MITIGATION; SECURITY ISSUES; SOFTWARE SOLUTION;

COMPUTER SOFTWARE; DECISION SUPPORT SYSTEMS; ELECTRONIC COMMERCE; MOBILE TELECOMMUNICATION SYSTEMS; ONTOLOGY; RISK ANALYSIS; RISK ASSESSMENT; RISK MANAGEMENT; SECURITY SYSTEMS;

DECISION MAKING;

EID: 70349102097     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICONS.2009.8     Document Type: Conference Paper

References (26)

1. L. Gordon, M. Loeb, W. Lucyshyn, and R. Richardson, "CSI/FBI Computer Crime and Security Survey," September 2006.
2. M. Bishop, "What is computer security?" IEEE Sec. Priv. Mag., vol.1, no.1, pp. 67-69, Jan.-Feb. 2003.
3. BSI, "IT Grundschutz Manual," 2004. [Online]. Available: http://www.bsi.de/english/gshb/manual/download/index.html
4. DCSSI, "Expression des Besoins et Identification des Objectifs de Scurit (EBIOS) - Section 2 - Approach," General Secretariat of National Defence Central Information Systems Security Division (DCSSI), 2004.
5. M. Vitale, "The growing risks of information systems success," MIS Quarterly, vol.10, no.4, pp. 327-334, December 1986.
6. W. Baker and L. Wallace, "Is information security under control?: Investigating quality in information security management," IEEE Security and Privacy, vol.5, no.1, pp. 36-44, 2007. (Pubitemid 46384607)
7. R. Baskerville, "Information systems security design methods: Implications for information systems development," ACM Computing Surveys, vol.25, no.4, pp. 375-414, December 1993.
8. ISO/IEC "27001:2005, Information technology - Security techniques - Information security management systems - Requirements," 2005.
9. W. Baker, L. Rees, and P. Tippett, "Necessary measures: metric-driven information security risk assessment and decision making," Communications of the ACM, vol.50, no.10, pp. 101-106, 2007. (Pubitemid 47505006)
10. C. D. Ittner and D. F. Larcker, "Coming Up Short On Financial Measurement," Havard Business Review, vol.81, no.11, 2003.
11. D. M. Lander and G. E. Pinches, "Challenges to the practical implementation of modelling and valuing real options," The Quarterly Review of Economics and Finance, vol.38, pp. 537-567, 1998. (Pubitemid 128180039)
12. M. Stallinger, "IT-Governance im Kontext Risikomanagement," Ph.D. dissertation, Johannes Kepler Universitt Linz, 2007.
13. FIPS, "Guideline for automatic data processing risk analysis," National Bureau of Standards, Federal Information Processing Standards Publications (FIPS PUB) 65, August 1975.
14. R. Rainer, C. Snyder, and H. Carr, "Risk analysis for information technology," Journal of Management Information Systems, vol.8, no.1, pp. 129-147, Summer 1991.
15. T. Finne, "A conceptual framework for information security management," Computers & Security, vol.17, pp. 303-307, 1998. (Pubitemid 128400523)
16. L. Gordon and M. Loeb, "The economics of information security investment," ACM Transactions on Information and System Security, vol.5, no.4, pp. 438-457, November 2002.
17. H. Cavusoglu, B. Mishra, and S. Raghunathan, "A model for evaluating it security investments," Communications of the ACM, vol.47, no.7, pp. 87-92, 2004.
18. L. Bodin, L. Gordon, and M. Loeb, "Information security and risk management," Communications of the ACM, vol.51, no.4, pp. 64-68, April 2008.
19. B. Farquhar, "One approach to risk assessment," Computers and Security, vol.10, no.10, pp. 21-23, February 1991.
20. G. Stoneburner, A. Goguen, and A. Feringa, "Risk management guide for information technology systems," National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899-8930, NIST Special Publication 800-830, July 2002.
21. C. Alberts, A. Dorofee, J. Stevens, and C. Woody, "Introduction to the OCTAVE approach," Carnegie Mellon - Software Engineering Institute, Pittsburgh, PA 15213-23890, Tech. Rep., August 2003.
22. ISO/IEC "27005:2007, Information technology - Security techniques - Information security risk management," 2007.
23. A. Ekelhart, S. Fenz, T. Neubauer, and E. Weippl, "Formal threat descriptions for enhancing governmental risk assessment," in Proceedings of the First International Conference on Theory and Practice of Electronic Governance. ACM Press, 2007.
24. T. Neubauer, A. Ekelhart, and S. fenz, "Interactive selection of iso 27001 controls under multiple objectives," in Proceedings of the 23rd International Information Security Conference, 2008.
25. T. R. Peltier, Information Security Risk Analysis, 2nd ed. Auerbach Publications, 2005.
26. T. Neubauer and C. Stummer, "Interactive decision support for multiobjective cots selection," in Proceedings of the 40th Annual Hawaii International Conference on System Sciences, no.01, 2007.