A comprehensive security control selection model for inter-dependent organizational assets structure
Mehdi Shajari | Hoda Ghavamipoor | Maryam Shahpasand | Seyed Alireza Hashemi Golpaygani