[1] British Security Standard, BS 7799, British Standards, 1999.
[2] Farahmand, F., and Navathe, S. B., Enslow, P. H.,
Electronic Commerce and Security – a Management
Perspective, ISS/INFORMS Seventh Annual Conference on
Information Systems and Technology, San Jose, 2002,
http://www.sba.uconn.edu/OPIM/CIST/
[3] Farahmand, F., and Navathe, S. B., A Risk Management
Model to Support Investment Decisions on Security of
Database and Information Systems, Working paper,
Database Research Group, College of Computing, Georgia
Institute of Technology, Atlanta, GA, 2003.
[4] Henning, R. R., Security Service Level Agreements:
Quantifiable Security for the Enterprise? ACM Proceedings
of the 1999 Workshop on New Security Paradigm, Sep.
1999, pp. 54-60.
[5] Hoffman, L. J., “Inexact Risk Analysis”, Proceedings of the
IEEE 1980 International Conference on Cybernetics and
Society, Boston, Mass., October 1980.
[6] ISO, Information Processing Systems- Open Systems
Interconnection-Basic Reference Model, Part 2: Security
Architecture, ISO 7498-2, 1989.
[7] Pate-Cornell, E., and Guikema, S., Probabilistic Modeling
of Terrorist Attacks: A System Analysis Approach to
Setting Priorities Among Countermeasures, Military
Operation Research, October 2002.
[8] Schmucker, Kurt. Fuzzy Sets, Natural Language
Computations, and Risk Analysis, Computer Science Press,
1983.
[9] Stonebumer, G., Goguen, A., and Feringa, A., Risk
Management Guide for Information Technology Systems,
NIST Special Publications 800-30, 2001.
[10] Starub, D. W., and Welke, R. J., Coping with Systems Risk:
Security Planning Models for Management Decision
Making, MIS Quarterly, Vol. 23, No. 4, 441-469.
[11] Swanson, M. et al, Security Metrics Guide for Information
Technology Systems, NIST Special Publications 800-55,
2002.
[12] Tarr, C.J., Cost effective perimeter security, Security and
Detection, European Convention on Security and Detection,
1995, pp. 183 –187.
[13] Wood, Charles C., et. al. Computer Security; A
comprehensive
[2] Farahmand, F., and Navathe, S. B., Enslow, P. H.,
Electronic Commerce and Security – a Management
Perspective, ISS/INFORMS Seventh Annual Conference on
Information Systems and Technology, San Jose, 2002,
http://www.sba.uconn.edu/OPIM/CIST/
[3] Farahmand, F., and Navathe, S. B., A Risk Management
Model to Support Investment Decisions on Security of
Database and Information Systems, Working paper,
Database Research Group, College of Computing, Georgia
Institute of Technology, Atlanta, GA, 2003.
[4] Henning, R. R., Security Service Level Agreements:
Quantifiable Security for the Enterprise? ACM Proceedings
of the 1999 Workshop on New Security Paradigm, Sep.
1999, pp. 54-60.
[5] Hoffman, L. J., “Inexact Risk Analysis”, Proceedings of the
IEEE 1980 International Conference on Cybernetics and
Society, Boston, Mass., October 1980.
[6] ISO, Information Processing Systems- Open Systems
Interconnection-Basic Reference Model, Part 2: Security
Architecture, ISO 7498-2, 1989.
[7] Pate-Cornell, E., and Guikema, S., Probabilistic Modeling
of Terrorist Attacks: A System Analysis Approach to
Setting Priorities Among Countermeasures, Military
Operation Research, October 2002.
[8] Schmucker, Kurt. Fuzzy Sets, Natural Language
Computations, and Risk Analysis, Computer Science Press,
1983.
[9] Stonebumer, G., Goguen, A., and Feringa, A., Risk
Management Guide for Information Technology Systems,
NIST Special Publications 800-30, 2001.
[10] Starub, D. W., and Welke, R. J., Coping with Systems Risk:
Security Planning Models for Management Decision
Making, MIS Quarterly, Vol. 23, No. 4, 441-469.
[11] Swanson, M. et al, Security Metrics Guide for Information
Technology Systems, NIST Special Publications 800-55,
2002.
[12] Tarr, C.J., Cost effective perimeter security, Security and
Detection, European Convention on Security and Detection,
1995, pp. 183 –187.
[13] Wood, Charles C., et. al. Computer Security; A
comprehensive
No comments:
Post a Comment