메뉴 건너뛰기




Volumn 256, Issue , 2014, Pages 57-73

A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis

Author keywords

Ant colony optimization; Bayesian networks; Information systems; Security risk; Vulnerability propagation

Indexed keywords

CAUSAL RELATIONSHIPS; ENTERPRISE RISK MANAGEMENT; INFORMATION SYSTEMS SECURITY; INTERNAL AND EXTERNAL FACTORS; PROPAGATION ANALYSIS; SECURITY RISK ANALYSIS; SECURITY RISKS; SECURITY VULNERABILITIES;

EID: 84887227513     PISSN: 00200255     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ins.2013.02.036     Document Type: Article
Times cited : (158)

References (47)
  • 2
    • 33748597348 scopus 로고    scopus 로고
    • A general, but readily adaptable model of information system risk
    • S. Alter, and S. Sherer A general, but readily adaptable model of information system risk Communications of the AIS 14 1 2004 1 28
    • (2004) Communications of the AIS , vol.14 , Issue.1 , pp. 1-28
    • Alter, S.1    Sherer, S.2
  • 3
    • 79959771557 scopus 로고    scopus 로고
    • A fuzzy reasoning and fuzzy-analytical hierarchy process based approach to the process of railway risk information: A railway risk management system
    • M. An, Y. Chen, and C.J. Baker A fuzzy reasoning and fuzzy-analytical hierarchy process based approach to the process of railway risk information: a railway risk management system Information Sciences 181 18 2011 3946 3966
    • (2011) Information Sciences , vol.181 , Issue.18 , pp. 3946-3966
    • An, M.1    Chen, Y.2    Baker, C.J.3
  • 4
    • 0344236266 scopus 로고    scopus 로고
    • Metaheuristics in combinatorial optimization: Overview and conceptual comparison
    • C. Blum, and A. Roli Metaheuristics in combinatorial optimization: overview and conceptual comparison ACM Computing Surveys 35 3 2003 268 308
    • (2003) ACM Computing Surveys , vol.35 , Issue.3 , pp. 268-308
    • Blum, C.1    Roli, A.2
  • 5
    • 58049119197 scopus 로고    scopus 로고
    • A simple graphical approach for understanding probabilistic inference in Bayesian networks
    • C. Butz, S. Hua, J. Chen, and H. Yao A simple graphical approach for understanding probabilistic inference in Bayesian networks Information Sciences 179 6 2009 699 716
    • (2009) Information Sciences , vol.179 , Issue.6 , pp. 699-716
    • Butz, C.1    Hua, S.2    Chen, J.3    Yao, H.4
  • 6
    • 70449091784 scopus 로고    scopus 로고
    • Choquet integral based aggregation approach to software development risk assessment
    • G. Büyüközkan, and D. Ruan Choquet integral based aggregation approach to software development risk assessment Information Sciences 180 3 2010 441 451
    • (2010) Information Sciences , vol.180 , Issue.3 , pp. 441-451
    • Büyüközkan, G.1    Ruan, D.2
  • 7
    • 84877648554 scopus 로고    scopus 로고
    • The economic cost of publicly announced information security breaches: Empirical evidence from the stock market
    • K. Campbell, L.A. Gordon, M.P. Loeb, and L. Zhou The economic cost of publicly announced information security breaches: empirical evidence from the stock market Journal of Computer Security 17 3 2009 431 448
    • (2009) Journal of Computer Security , vol.17 , Issue.3 , pp. 431-448
    • Campbell, K.1    Gordon, L.A.2    Loeb, M.P.3    Zhou, L.4
  • 8
    • 84887220715 scopus 로고    scopus 로고
    • The effect of Internet security breach announcements on market value: Capital market reactions for breached firms and Internet security developers
    • H. Cavusoglu, B. Mishra, and S. Raghunathan The effect of Internet security breach announcements on market value: capital market reactions for breached firms and Internet security developers International Journal of Electronic Commerce 14 3 2009 69 104
    • (2009) International Journal of Electronic Commerce , vol.14 , Issue.3 , pp. 69-104
    • Cavusoglu, H.1    Mishra, B.2    Raghunathan, S.3
  • 9
    • 0037331465 scopus 로고    scopus 로고
    • Fuzzy risk analysis based on similarity measures of generalized fuzzy numbers
    • S.J. Chen, and S.M. Chen Fuzzy risk analysis based on similarity measures of generalized fuzzy numbers IEEE Transactions on Fuzzy Systems 11 1 2003 45 56
    • (2003) IEEE Transactions on Fuzzy Systems , vol.11 , Issue.1 , pp. 45-56
    • Chen, S.J.1    Chen, S.M.2
  • 10
    • 34249832377 scopus 로고
    • A Bayesian method for the induction of probabilistic networks from data
    • G.F. Cooper, and E.A. Herskovits A Bayesian method for the induction of probabilistic networks from data Machine Learning 9 1992 309 347
    • (1992) Machine Learning , vol.9 , pp. 309-347
    • Cooper, G.F.1    Herskovits, E.A.2
  • 12
    • 0002012598 scopus 로고    scopus 로고
    • The ant colony optimization meta-heuristic
    • D. Corne, M. Dorigo, F. Glover, McGraw-Hill
    • M. Dorigo, and G.D. Caro The ant colony optimization meta-heuristic D. Corne, M. Dorigo, F. Glover, New Ideas in Optimization 1999 McGraw-Hill 11 33
    • (1999) New Ideas in Optimization , pp. 11-33
    • Dorigo, M.1    Caro, G.D.2
  • 16
    • 3242704207 scopus 로고    scopus 로고
    • BBN-based software project risk management
    • C. Fan, and Y. Yu BBN-based software project risk management Journal of Systems and Software 73 2 2004 193 203
    • (2004) Journal of Systems and Software , vol.73 , Issue.2 , pp. 193-203
    • Fan, C.1    Yu, Y.2
  • 17
    • 79960556391 scopus 로고    scopus 로고
    • An information systems security risk assessment model under uncertain environment
    • N. Feng, and M. Li An information systems security risk assessment model under uncertain environment Applied Soft Computing 11 7 2011 4332 4340
    • (2011) Applied Soft Computing , vol.11 , Issue.7 , pp. 4332-4340
    • Feng, N.1    Li, M.2
  • 18
    • 0036132536 scopus 로고    scopus 로고
    • Searching the best elimination sequence in Bayesian networks by using ant-colony optimization
    • J.A. Gámez, and J.M. Puerta Searching the best elimination sequence in Bayesian networks by using ant-colony optimization Pattern Recognition Letters 23 1-3 2002 261 277
    • (2002) Pattern Recognition Letters , vol.23 , Issue.13 , pp. 261-277
    • Gámez, J.A.1    Puerta, J.M.2
  • 21
    • 50049117473 scopus 로고    scopus 로고
    • Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles
    • L. Grunske, and D. Joyce Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles Journal of Systems and Software 81 8 2008 1327 1345
    • (2008) Journal of Systems and Software , vol.81 , Issue.8 , pp. 1327-1345
    • Grunske, L.1    Joyce, D.2
  • 22
    • 69249161367 scopus 로고    scopus 로고
    • Online optimization of a color sorting assembly buffer using ant colony optimization
    • S.A. Hartmann, T.A. Runkler, Online optimization of a color sorting assembly buffer using ant colony optimization, in: Proceedings of Operations Research, 2007, pp. 415-420.
    • (2007) Proceedings of Operations Research , pp. 415-420
    • Hartmann, S.A.1    Runkler, T.A.2
  • 24
    • 34249761849 scopus 로고
    • Learning BNs: The combination of knowledge and statistical data
    • D. Heckerman, D. Geiger, and D.M. Chickering Learning BNs: the combination of knowledge and statistical data Machine Learning 20 3 1995 197 243
    • (1995) Machine Learning , vol.20 , Issue.3 , pp. 197-243
    • Heckerman, D.1    Geiger, D.2    Chickering, D.M.3
  • 28
    • 17844381878 scopus 로고    scopus 로고
    • ISRAM: Information security risk analysis method
    • B. Karabacak, and I. Sogukpinar ISRAM: information security risk analysis method Computers & Security 24 2 2005 147 159
    • (2005) Computers & Security , vol.24 , Issue.2 , pp. 147-159
    • Karabacak, B.1    Sogukpinar, I.2
  • 31
    • 76749103392 scopus 로고    scopus 로고
    • Optimal search on clustered structural constraint for learning Bayesian network structure
    • K. Kojima, E. Perrier, and S. Imoto Optimal search on clustered structural constraint for learning Bayesian network structure Journal of Machine Learning Research 11 2010 285 310
    • (2010) Journal of Machine Learning Research , vol.11 , pp. 285-310
    • Kojima, K.1    Perrier, E.2    Imoto, S.3
  • 32
    • 0028482006 scopus 로고    scopus 로고
    • Learning Bayesian belief networks: An approach based on the MDL principle
    • W. Lam, and F. Bacchus Learning Bayesian belief networks: an approach based on the MDL principle Computational Intelligence 20 2004 269 293
    • (2004) Computational Intelligence , vol.20 , pp. 269-293
    • Lam, W.1    Bacchus, F.2
  • 34
    • 84857564432 scopus 로고    scopus 로고
    • An integrated risk measurement and optimization model for trustworthy software process management
    • J. Li, M. Li, D. Wu, and H. Song An integrated risk measurement and optimization model for trustworthy software process management Information Sciences 191 15 2012 47 60
    • (2012) Information Sciences , vol.191 , Issue.15 , pp. 47-60
    • Li, J.1    Li, M.2    Wu, D.3    Song, H.4
  • 38
    • 49749086940 scopus 로고    scopus 로고
    • Analysing business losses caused by information systems risk: A business process analysis approach
    • H. Salmela Analysing business losses caused by information systems risk: a business process analysis approach Journal of Information Technology 23 3 2008 185 202
    • (2008) Journal of Information Technology , vol.23 , Issue.3 , pp. 185-202
    • Salmela, H.1
  • 39
    • 33745714157 scopus 로고    scopus 로고
    • Distributed optimization of logistic systems and its suppliers using ant colony optimization
    • C.A. Silva, J.M.C. Sousa, and T.A. Runkler Distributed optimization of logistic systems and its suppliers using ant colony optimization International Journal of Systems Science 37 8 2006 503 512
    • (2006) International Journal of Systems Science , vol.37 , Issue.8 , pp. 503-512
    • Silva, C.A.1    Sousa, J.M.C.2    Runkler, T.A.3
  • 42
    • 33746035971 scopus 로고    scopus 로고
    • The max-min hill-climbing Bayesian network structure learning algorithm
    • I. Tsamardinos, L.E. Brown, and C.F. Aliferis The max-min hill-climbing Bayesian network structure learning algorithm Machine Learning 65 1 2006 31 78
    • (2006) Machine Learning , vol.65 , Issue.1 , pp. 31-78
    • Tsamardinos, I.1    Brown, L.E.2    Aliferis, C.F.3
  • 43
    • 33748594201 scopus 로고    scopus 로고
    • An information systems security risk assessment model under the Dempster-Shafer theory of belief functions
    • L. Sun, R.P. Srivastava, and T.J. Mock An information systems security risk assessment model under the Dempster-Shafer theory of belief functions Journal of Management Information Systems 22 4 2006 109 142
    • (2006) Journal of Management Information Systems , vol.22 , Issue.4 , pp. 109-142
    • Sun, L.1    Srivastava, R.P.2    Mock, T.J.3
  • 44
    • 33745097420 scopus 로고    scopus 로고
    • Mining time series data for segmentation by using ant colony optimization
    • S. Weng, and Y. Liu Mining time series data for segmentation by using ant colony optimization European Journal of Operational Research 173 3 2006 921 937
    • (2006) European Journal of Operational Research , vol.173 , Issue.3 , pp. 921-937
    • Weng, S.1    Liu, Y.2
  • 45
    • 73549093599 scopus 로고    scopus 로고
    • Enterprise risk management: Coping with model risk in a large bank
    • D. Wu, and D.L. Olson Enterprise risk management: coping with model risk in a large bank Journal of the Operational Research Society 61 2 2010 179 190
    • (2010) Journal of the Operational Research Society , vol.61 , Issue.2 , pp. 179-190
    • Wu, D.1    Olson, D.L.2
  • 46
    • 77956637948 scopus 로고    scopus 로고
    • A risk analysis model in concurrent engineering product development
    • D.D. Wu, K. Xie, G. Chen, and P. Gui A risk analysis model in concurrent engineering product development Risk Analysis 30 9 2010 1440 1453
    • (2010) Risk Analysis , vol.30 , Issue.9 , pp. 1440-1453
    • Wu, D.D.1    Xie, K.2    Chen, G.3    Gui, P.4
  • 47
    • 34548477450 scopus 로고    scopus 로고
    • Network externalities, layered protection and IT security risk management
    • W.T. Yue, M. Çakanyildirim, Y.U. Ryu, and D. Liu Network externalities, layered protection and IT security risk management Decision Support Systems 44 1 2007 1 16
    • (2007) Decision Support Systems , vol.44 , Issue.1 , pp. 1-16
    • Yue, W.T.1    Çakanyildirim, M.2    Ryu, Y.U.3    Liu, D.4


* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.