Model-based qualitative risk assessment for availability of IT infrastructures
暂无分享,去创建一个
[1] Richard P. Lippmann,et al. An Annotated Review of Past Papers on Attack Graphs , 2005 .
[2] R. Wieringa,et al. Designing Requirements Engineering Research , 2007, 2007 Fifth International Workshop on Comparative Evaluation in Requirements Engineering.
[3] Fabrizio Baiardi,et al. Assessing the Risk of an Information Infrastructure Through Security Dependencies , 2006, CRITIS.
[4] Aaron B. Brown,et al. An Active Approach to Characterizing Dynamic Dependencies for Problem Determination in a Distributed Application Environment , 2000 .
[5] Michael Jackson,et al. A Reference Model for Requirements and Specifications , 2000, IEEE Softw..
[6] Dongho Won,et al. A Study on Security Risk Modeling over Information and Communication Infrastructure , 2004, Security and Management.
[7] Gary Stoneburner,et al. SP 800-30. Risk Management Guide for Information Technology Systems , 2002 .
[8] Richard R. Muntz,et al. Bounding Availability of Repairable Computer Systems , 1989, IEEE Trans. Computers.
[9] I. Hogganvik,et al. Model-based security analysis in seven steps — a guided tour to the CORAS method , 2007 .
[10] Susan Snedaker,et al. The Best Damn IT Security Management Book Period , 2007 .
[11] 日本規格協会. 情報セキュリティマネジメントシステム : 仕様及び利用の手引 : 英国規格 : BS7799-2:2002 = Information security management systems : specification with guidance for use : british standards : BS 7799-2:2002 , 2002 .
[12] Sandro Etalle,et al. Model-Based Mitigation of Availability Risks , 2007, 2007 2nd IEEE/IFIP International Workshop on Business-Driven IT Management.
[13] Ruth Breu,et al. Using an Enterprise Architecture for IT Risk Management , 2006, ISSA.
[14] Somesh Jha,et al. Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[15] Muninder P. Kailay,et al. An application of qualitative risk analysis to computer security for the commercial sector , 1992, [1992] Proceedings Eighth Annual Computer Security Application Conference.
[16] W E Vesely,et al. Fault Tree Handbook , 1987 .
[17] Alexander Keller,et al. Managing application services over service provider networks: architecture and dependency analysis , 2000, NOMS 2000. 2000 IEEE/IFIP Network Operations and Management Symposium 'The Networked Planet: Management Beyond 2000' (Cat. No.00CB37074).
[18] Mitchell Kb,et al. Web references , 2007, Ship and Mobile Offshore Unit Automation.
[19] Mark John Taylor,et al. Risk Assessment & Success Factors for e-Government in a UK Establishment , 2002, EGOV.
[20] Richard R. Muntz,et al. Bounding availability of repairable computer systems , 1989, SIGMETRICS '89.
[21] 日本規格協会. 情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 , 2005 .
[22] Sandro Etalle,et al. Extended eTVRA vs. security checklist: Experiences in a value-web , 2009, 2009 31st International Conference on Software Engineering - Companion Volume.
[23] S. M. Mousavi. Development strategies of the Information Security Management Systems (ISMS) standards for organizations , 2005 .
[24] Aaron B. Brown,et al. An active approach to characterizing dynamic dependencies for problem determination in a distributed environment , 2001, 2001 IEEE/IFIP International Symposium on Integrated Network Management Proceedings. Integrated Network Management VII. Integrated Management Strategies for the New Millennium (Cat. No.01EX470).
[25] Jan Trobitius,et al. Anwendung der "Common Criteria for Information Technology Security Evaluation" (CC) / ISO 15408 auf ein SOA Registry-Repository , 2007, Informatiktage.
[26] Scott Cadzow,et al. eTVRA, a Threat, Vulnerability and Risk Assessment Method and Tool for eEurope , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).
[27] Debra Herrmann,et al. Complete Guide to Security and Privacy Metrics , 2007 .
[28] Hany H. Ammar,et al. Architectural-Level Risk Analysis Using UML , 2003, IEEE Trans. Software Eng..
[29] Fadhel Kaboub. Realistic Evaluation , 2004 .
[30] Saurabh Bagchi,et al. Dependency Analysis in Distributed Systems using Fault Injection: Application to Problem Determination in an e-commerce Environment , 2001, DSOM.
[31] Debra Herrmann,et al. Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI , 2007 .
[32] Martin Gorrod. The risk management challenge , 2004 .
[33] Roel Wieringa,et al. Requirements engineering paper classification and evaluation criteria: a proposal and a discussion , 2005, Requirements Engineering.
[34] G. Stoneburner,et al. Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .