Using case-based reasoning for the design of controls for internet-based information systems

Authors:
Sangjae Lee;Kyoung-jae Kim
Affiliations:
College of Business Administration, Sejong University, 98 Kunja-dong, Kwangjin-gu, Seoul 143-747, Republic of Korea;Department of Information Systems, Dongguk University, 3-26 Pil-Dong, Chung-Gu, Seoul 100-715, Republic of Korea
Venue:
Expert Systems with Applications: An International Journal
Year:
2009

Citing 21
Cited 2

Improving human decision making through case-based decision aiding

AI Magazine
Case-based reasoning and multiple-agent systems for accounting regulation systems with extensions

International Journal of Intelligent Systems in Accounting and Finance Management
Case-based reasoning and risk assessment in audit judgment

International Journal of Intelligent Systems in Accounting and Finance Management
Handbook of EDP Auditing

Handbook of EDP Auditing
Mining e-mail content for author identification forensics

ACM SIGMOD Record
An Empirical Examination of the Concern for Information Privacy Instrument

Information Systems Research
Taxonomy of security considerations and software quality

Communications of the ACM - E-services: a cornucopia of digital offerings ushers in the next Net-based evolution
Portfolios of Control in Outsourced Software Development Projects

Information Systems Research
An integrative model of computer abuse based on social control and general deterrence theories

Information and Management
Computer Audit, Control and Security

Computer Audit, Control and Security
Deploying Common Systems Globally: The Dynamics of Control

Information Systems Research
Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach

Decision Support Systems - Special issue: Intelligence and security informatics
Fighting cybercrime: a review and the Taiwan experience

Decision Support Systems - Special issue: Intelligence and security informatics
A hybrid system by evolving case-based reasoning with genetic algorithm in wholesaler's returning book forecasting

Decision Support Systems
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
The Matrix of Control: Combining Process and Structure Approaches to Managing Software Development

Journal of Management Information Systems
Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection

Decision Support Systems
The Impact of Customer Trust and Perception of Security Control on the Acceptance of Electronic Commerce

International Journal of Electronic Commerce
Smokey: automatic recognition of hostile messages

AAAI'97/IAAI'97 Proceedings of the fourteenth national conference on artificial intelligence and ninth conference on Innovative applications of artificial intelligence
Trust and the unintended effects of behavior control in virtual teams

MIS Quarterly
Risks in the use of information technology within organizations

International Journal of Information Management: The Journal for Information Professionals

Using data envelopment analysis and decision trees for efficiency analysis and recommendation of B2C controls

Decision Support Systems
The hybrid model of neural networks and genetic algorithms for the design of controls for internet-based systems for business-to-consumer electronic commerce

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	12.09

Visualization

Abstract

The internal auditors and IS managers should obtain understanding of internal control structure in internet-based information systems (IIS) to be established in their organizations. This paper suggests IISCBR (The design of controls for IIS using case-based reasoning), a case-based reasoning model for generating recommendations of IIS controls. The case base of IISCBR consists of slots that include system environments and IIS controls. IIS controls which are most demanded in certain system environments can be suggested by the following two steps. First, the most probable level of controls is suggested from the cases retrieved. Second, the level of controls that have the highest values in performance among the retrieved case is determined. IIS auditors can retrieve similar cases and provide control recommendations using past cases in IISCBR. In order to evaluate the effectiveness of IISCBR, this paper compares the predictive power of the system with that of multivariate discriminant analysis (MDA). The results indicate that the case-based reasoner outperforms MDA in predictive accuracy.