A Management Perspective on Risk of Security Threats to Information Systems
Abstract
Keywords
References
British Security Standard, BS 7799 (British Standards, 1999).
V. Ahuja, Building trust in electronic commerce, IT Professional 2(3) (2000) 61–63.
T. Bui and T.R. Sivasankaran, Cost-effectiveness modeling for a decision support system in computer security, Computers and Security 6 (1987) 139–151.
R.P. Campbell and G.A. Sands, A Modular Approach to Computer Security Risk Management, in: AFIPS National Computer Conference (1979) 293–303.
Cohen (1997) http://citeseer.nj.nec.com/lee00toward.html
R. Elmasri and S.B. Navathe, Fundamentals of Database Systems, 4th ed. (Addison Wesley, 2004).
G. Eschelbeck, Active Security: A Proactive Approach for Computer Security Systems, Journal of Network and Computer Applications 23 (2000) 109–130.
F. Farahmand, S.B. Navathe and P.H. Enslow, Electronic commerce and security: A management perspective, in: ISS/INFORMS Seventh Annual Conference on Information Systems and Technology (San Jose, 2002).
F. Farahmand, S.B. Navathe, G.P. Sharp and P.H. Enslow, Managing Vulnerabilities of Information Systems to Security Incidents, in: ACM International Conference on Electronic Commerce, ICEC 2003 (Pittsburgh, Sept. 2003) 348–354.
F. Farahmand, W.J. Malik, S.B. Navathe and P.H. Enslow, Security Tailored to the Needs of Business, in: ACM Workshop on Business Driven Security Engineering (BIZSEC) (2003).
D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn and R. Chandramouli, Proposed NIST Standard for Role-Based Access Control, ACM Transactions on Information and System Security (TISSEC) 4(3) (2001) 224–274.
R.L. Field, Issues in the Law of Electronic Commerce, Networker (ACM Press) 1(3) (1997) 28–37.
A.K. Ghosh and T.M. Swaminatha, Software security and privacy risks in mobile e-commerce, Communications of the ACM 44(2) (2001) 51–57.
R. Henning, Security Service Level Agreements: Quantifiable Security for the Enterprise?, in: ACM Proceedings of the 1999 Workshop on New Security Paradigms (Sept. 1999) 54–60.
ISO, Information Processing Systems: Open Systems Interconnection, Basic Reference Model, Part 2: Security Architecture, ISO 7498-2 (1989).
J. Joshi et al., Security Models for Web-Based Applications, Communications of the ACM 44(2) (2001) 38–44.
C.E. Landwehr et al., A Taxonomy of Computer Program Security Flaws, with Examples, Naval Research Laboratory (Nov. 1993).
C.E. Landwehr and D.M. Goldschlag, Security Issues in Networks with Internet Access, Proceedings of the IEEE 85(12) (1997) 2034–2051.
U. Lindqvist and E. Jonsson, How to systematically classify computer security intrusions, in: IEEE Symposium on Security and Privacy (1997) 154–163.
N. Linketscher and M. Child, Trust issues and user reactions to e-services and e-marketplaces: a customer survey, in: IEEE 12th International Workshop on Database and Expert Systems Applications (2001) 752–756.
R. Lippmann et al., The 1999 DARPA off-line Intrusion Detection Evaluation, Computer Networks 34 (2000) 579–595.
D.H. McKnight, V. Choudhury and C. Kacmar, Developing and Validating Trust Measures for e-Commerce: An Integrative Typology, Information Systems Research 13(3) (2002) 334–359.
P.G. Neumann and D.B. Parker, A Summary of Computer Misuse Techniques, in: Proceedings of the 12th National Computer Security Conference, National Institute of Standards and Technology/National Computer Security Center (Oct. 1989) 396–407.
National Bureau of Standards (NBS), Data Encryption Standard (FIPS Publ. 46, Jan. 1977).
E. Orlandi, The Cost of Security, in: IEEE International Carnahan Conference on Security Technology (1991) 192–196.
E. Paté-Cornell and S. Guikema, Probabilistic Modeling of Terrorist Attacks: A System Analysis Approach to Setting Priorities Among Countermeasures, Military Operations Research (Oct. 2002).
C.P. Pfleeger, Security in Computing (Prentice Hall, 1997).
R. Power, Computer Security Issues & Trends, 2002 CSI/FBI Computer Crime and Security Survey VIII(1) (2002).
R.L. Rivest, A. Shamir and L.M. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21(2) (1978) 120–126.
H.J. Schumacher and S. Ghosh, A fundamental framework for network security, Journal of Network and Computer Applications (1997) 305–322.
G. Stoneburner, A. Goguen and A. Feringa, Risk Management Guide for Information Technology Systems (NIST Special Publication 800-30, 2001).
M. Swanson et al., Security Metrics Guide for Information Technology Systems (NIST Special Publication 800-55, 2002).
C.J. Tarr, Cost effective perimeter security, in: European Convention on Security and Detection (1995) 183–187.
C.C. Wood et al., Computer Security: A Comprehensive Control Checklist (John Wiley & Sons, 1987).