Managing vulnerabilities of information systems to security incidents

ACM International Conference Proceeding Series

Volumn 50, Issue , 2003, Pages 348-354

  Farahmand, Fariborz ^a   Navathe, Shamkant B ^a   Enslow, Philip H ^a   Sharp, Gunter P ^b  

^a Georgia Institute of Technology   (United States)

^b Georgia Institute of Technology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION SECURITY; PROBABILISTIC EVALUATION; REAL WORLD DATA; RISK MANAGEMENT SYSTEMS; SECURITY INCIDENT; SECURITY THREATS; SENIOR MANAGEMENT; THREE-AXIS; VULNERABILITY ASSESSMENTS;

ELECTRONIC COMMERCE; INFORMATION SYSTEMS; MANAGEMENT INFORMATION SYSTEMS; MANAGERS; RISK ANALYSIS; RISK ASSESSMENT; RISK MANAGEMENT; SAFETY FACTOR; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 77954468090     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/948005.948050     Document Type: Conference Paper

References (13)

1. British Security Standard, BS 7799, British Standards, 1999.
2. Farahmand, F., and Navathe, S. B., Enslow, P. H., Electronic Commerce and Security - a Management Perspective, ISS/INFORMS Seventh Annual Conference on Information Systems and Technology, San Jose, 2002, http://www.sba.uconn.edu/ OPIM/CIST/
3. Farahmand, F., and Navathe, S. B., A Risk Management Model to Support Investment Decisions on Security of Database and Information Systems, Working paper, Database Research Group, College of Computing, Georgia Institute of Technology, Atlanta, GA, 2003.
4. Henning, R. R., Security Service Level Agreements: Quantifiable Security for the Enterprise? ACM Proceedings of the 1999 Workshop on New Security Paradigm, Sep. 1999, pp. 54-60.
5. Hoffman, L. J., "Inexact Risk Analysis", Proceedings of the IEEE 1980 International Conference on Cybernetics and Society, Boston, Mass., October 1980.
6. ISO, Information Processing Systems- Open Systems Interconnection-Basic Reference Model, Part 2: Security Architecture, ISO 7498-2, 1989.
7. Pate-Cornell, E., and Guikema, S., Probabilistic Modeling of Terrorist Attacks: A System Analysis Approach to Setting Priorities Among Countermeasures, Military Operation Research, October 2002.
8. Schmucker, Kurt. Fuzzy Sets, Natural Language Computations, and Risk Analysis, Computer Science Press, 1983.
9. Stonebumer, G., Goguen, A., and Feringa, A., Risk Management Guide for Information Technology Systems, NIST Special Publications 800-30, 2001.
10. Starub, D. W., and Welke, R. J., Coping with Systems Risk: Security Planning Models for Management Decision Making, MIS Quarterly, Vol. 23, No. 4, 441-469.
11. Swanson, M. et al, Security Metrics Guide for Information Technology Systems, NIST Special Publications 800-55, 2002.
12. Tarr, C.J., Cost effective perimeter security, Security and Detection, European Convention on Security and Detection, 1995, pp. 183-187.
13. Wood, Charles C., et. al. Computer Security; A comprehensive Control Checklist, John Wiley & Sons, 1987.1987.