Automated risk and utility management

ITNG 2009 - 6th International Conference on Information Technology: New Generations

Volumn , Issue , 2009, Pages 393-398

  Ekelhart, Andreas ^a   Neubauer, Thomas ^a   Fenz, Stefan ^b  

^a Secure Business Austria   (Austria)

^b VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS VALUE; CORPORATE STRATEGIES; DECISION MAKERS; INFORMATION SECURITY; IT SECURITY; RELIABLE EXECUTION; SECURITY MEASURE; UTILITY MANAGEMENT;

RISK MANAGEMENT;

INFORMATION TECHNOLOGY;

EID: 77951146012     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ITNG.2009.23     Document Type: Conference Paper

References (14)

1. C. Alberts, A. Dorofee, J. Stevens, and C. Woody. Introduction to the OCTAVE approach. Technical report, Carnegie Mellon - Software Engineering Institute, Pittsburgh, PA 15213-23890, August 2003.
2. C. Alves and A. Finkelstein. Investigating conflicts in COTS decisionmaking. International Journal of Software Engineering and Knowledge Engineering, 13(5):473-495, 2003.
3. DCSSI. EBIOS - Section 2 - Approach. General Secretariat of National Defence Central Information Systems Security Division (DCSSI), February 2004.
4. S. Dekleva. Justifying Investments in IT. Journal of Information Technology Management, 16(3), 2005.
5. A. Ekelhart, S. Fenz, M. Klemen, and E. Weippl. Security ontologies: Improving quantitative risk analysis. In Proceedings of the 40th Hawaii International Conference on System Sciences, HICSS2007, pages 156-162, Los Alamitos, CA, USA, January 2007. IEEE Computer Society. 0-7695-2755-8.
6. A. Ekelhart, S. Fenz, T. Neubauer, and E. Weippl. Formal threat descriptions for enhancing governmental risk assessment. In Proceedings of the First ICEGOV, volume 232 of ACM International Conference Proceeding Series, pages 40-43, New York, NY, USA, January 2007. ACM. 978-1-59593-822-0.
7. B. Farquhar. One approach to risk assessment. Computers and Security, 10(10):21-23, February 1991.
8. R. Fredriksen, M. Kristiansen, B. A. Gran, K. Stolen, T. A. Opperud, and T. Dimitrakos. The coras framework for a model-based risk management process. In SAFECOMP '02: Proceedings of the 21st International Conference on Computer Safety, Reliability and Security, pages 94-105, London, UK, 2002. Springer-Verlag.
9. ISO/IEC. ISO/IEC 27005:2007, Information technology - Security techniques - Information security risk management, November 2007.
10. V. S. Lai, R. P. Trueblood, and B. K. Wong. Software selection: A case study of the application of the analytical hierarchical process to the selection of a multimedia authoring system. Information & Management, 36, 1999.
11. T. Neubauer, A. Ekelhart, and S. Fenz. Interactive selection of iso 27001 controls under multiple objectives. In Proceedings of the IFIPSec2008, volume 278/2008, pages 477-492, Boston, July 2008. Springer.
12. T. Neubauer and C. Stummer. Extending business process management to determine efficient it investments. In Proceedings of the SAC2007, pages 1250-1256, 2007.
13. M. Stallinger. IT-Governance im Kontext Risikomanagement. PhD thesis, Johannes Kepler Universitt Linz, 2007.
14. G. Stoneburner, A. Goguen, and A. Feringa. Risk management guide for information technology systems. NIST Special Publication 800-30, National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899-28930, July 2002.