Perceived risk assessment

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 59-63

  Asnar, Yudistira ^a   Zannone, Nicola ^b  

^a UNIVERSITY OF TRENTO   (Italy)

^b UNIVERSITY OF TORONTO   (Canada)

Author keywords

Perceived risk; Risk assessment; Subjective input

Indexed keywords

CRITICAL ACTIVITIES; CRITICAL SYSTEMS; HUMAN ACTIVITIES; IT SYSTEM; PERCEIVED RISK; SUBJECTIVE INPUT;

AIR TRAFFIC CONTROL; NUCLEAR ENERGY; NUCLEAR INDUSTRY; NUCLEAR POWER PLANTS; RISK MANAGEMENT; RISK PERCEPTION;

RISK ASSESSMENT;

EID: 70349238654     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1456362.1456375     Document Type: Conference Paper

References (42)

1. CVE - Common Vulnerabilities and Exposures. http://cve.mitre.org/. accessed at 2008-05-27.
2. Y. Asnar and P. Giorgini. Analysing Risk-Countermeasure in Organizations: a Quantitative Approach. Technical Report DIT-07-047, DIT - University of Trento, July 2007.
3. Y. Asnar, P. Giorgini, F. Massacci, and N. Zannone. From Trust to Dependability through Risk Analysis. In Proceedings of the Second International Conference on Availability, Reliability and Security. IEEE Press, 2007.
4. Y. Asnar, R. Moretti, M. Sebastianis, and N. Zannone. Risk as Dependability Metrics for the Evaluation of Business Solutions: A Model-driven Approach. In Proceedings of the 3rd International Workshop on Dependability Aspects on Data WArehousing and Mining applications, 2008.
5. R. G. Bace. Intrusion Detection. Sams Publishing, 2000.
6. D. Basin, J. Doser, and T. Lodderstedt. Model Driven Security: From UML Models to Access Control Infrastructures. ACM Transactions on Software Engineering and Methodology, 15:39-91, 2006.
7. T. Bedford and R. Cooke. Probabilistic Risk Analysis: Foundations and Methods. Cambridge University Press, 2001.
8. D. Bernoulli. Exposition of a New Theory on the Measurement of Risk. Econometrica, 22:23-36, 1954. (original 1738).
9. J. R. Bettman. Perceived risk and its components: A model and empirical test. Journal of Marketing Research, 10:184-190, 1973.
10. CERT. Cert statistics. http://www.cert.org/stats/. accessed at 2008-05-27.
11. COSO. Enterprise Risk Management - Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission, September 2004.
12. F. den Braber, T. Dimitrakos, B. A. Gran, M. S. Lund, K. Stølen, and J. Ø. Aagedal. The CORAS Methodology: Model-Based Risk Assessment using UML and UP. In UML and the Unified Process, pages 332-357. Idea Group Publishing, 2003.
13. DoD. Military Standard, Procedures for Performing a Failure Mode, Effects, and Critical Analysis. MIL-STD-1629A, 1980.
14. M. S. Feather. Towards a Unified Approach to the Representation of, and Reasoning with, Probabilistic Risk Information about Software and its System Interface. In Proceedings of the 15th IEEE International Symposium on Software Software Reliability Engineering, pages 391-402. IEEE Computer Society Press, November 2004.
15. D. Geer. Risk Management is Still Where the Money is. Computer, 36:129-131, 2003.
16. P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone. Modeling Security Requirements Through Ownership, Permission and Delegation. In Proceedings of the 13th IEEE International Requirements Engineering Conference, pages 167-176. IEEE Computer Society Press, 2005.
17. T. I. G. Institute. CoBIT - Framework Control Objectives Management Guidelines Maturity Models, 4.1 edition.
18. ISO/IEC. Risk Management-Vocabulary-Guidelines for Use in Standards. ISO/IEC Guide 73, 2002.
19. ISO/IEC. Management of Information and Communication Technology Security - Part 1: Concepts and Models for Information and Communication Technology Security Management. ISO/IEC 13335, 2004.
20. ISO/IEC. Information Technology - Security Techniques - Information Security Management Systems - Requirements. ISO/IEC 27001, 2005.
21. ISO/IEC. Information Technology - Security Techniques - Information Security Risk Management. ISO/IEC 27005, 2008.
22. A. Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt. Addison Wesley, 2007.
23. A. Jøsang, D. Bradley, and S. J. Knapskog. Belief-Based Risk Analysis. In Proceedings of the 2nd Workshop on Australasian Information Security, Data Mining and Web Intelligence, and Software Internationalisation, pages 63-68, Darlinghurst, Australia, Australia, 2004. Australian Computer Society, Inc.
24. A. Jøsang and S. Presti. Analysing the Relationship Between Risk and Trust. In Proceedings of the Second International Conference on Trust Management, volume 2995 of Lecture Notes in Computer Science, pages 135-145. Springer-Verlag, 2004.
25. Jürjens. Secure Systems Development With UML. Springer, 2005.
26. H. Lacoheea, A. Phippenb, and S. Furnell. Risk and Restitution: Assessing How Users Establish Online Trust. Computers & Security, 25(7):286-293, October 2006.
27. D. G. Mayo and R. D. Hollander. Acceptable Evidence: Science and Values in Risk Management. Oxford University Press US, 1991.
28. G. McGraw. Software Security: Building Security in. Addison-Wesley, 2006.
29. A. Mosleh, E. R. Hilton, and P. S. Browne. Bayesian probabilistic risk analysis. SIGMETRICS Perform. Eval. Rev., 13(1):5-12, 1985.
30. P. G. Neumann. RISKS-LIST: RISKS-FORUM Digest. http://catless.ncl.ac.uk/ Risks/. accessed at 2008-05-27.
31. B. Schneier. Beyond Fear: Thinking Sensibly about Security in an Uncertain World. Springer, 2003.
32. B. Schneier. In Praise of Security Theater. http://www.schneier.com/blog/ , January 2007. last access 04.08.2008.
33. K. Sentz and S. Ferson. Combination of Evidence in Dempster-Shafer Theory. Technical Report SAND 2002-0835, Sandia National Laboratories, 2002.
34. G. Shafer. A Mathematical Theory of Evidence. Princeton University Press, Princeton, NJ, 1976.
35. P. Slovic. Perceived Risk, Trust, and Democracy. Risk Analysis, 13(6):675-682, 1993.
36. B. Solhaug, D. Elgesem, and K. Stølen. Why Trust is not Proportional to Risk. In Proceedings of the Second International Conference on Availability, Reliability and Security. IEEE Press, 2007.
37. M. Stamatelatos, W. Vesely, J. Dugan, J. Fragola, J. Minarick, and J. Railsback. Fault Tree Handbook with Aerospace Applications. NASA, 2002.
38. U.S. NCSA - NHTSA. Fatality Analysis Reporting System General Estimates System - 2006 Data Summary. http://www-nrd.nhtsa.dot.gov/CMSWeb/, 2008. last access 04.08.2008.
39. U.S. NTSB. Aviation Accident Statistics. http://www.ntsb.gov/aviation/ Table2.htm, 2008. last access 04.08.2008.
40. D. Vose. Risk Analysis: A Quantitative Guide. Wiley, 2000.
41. P. P. Wakker. Dempster Belief Functions are based on the Principle of Complete Ignorance. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 8(3):271-284, 2000.
42. E. Weber, A. Blais, and N. Betz. A Domain-Specific Risk-Attitude Scale: Measuring Risk Perceptions and Risk Behaviors. Journal of Behavioral Decision Making, 15(4):263-290, 2002.