Agile development of secure web applications
ICWE '06 Proceedings of the 6th international conference on Web engineering
Electronic Notes in Theoretical Computer Science (ENTCS)
Risk management --- visual IDS countermeasures
BT Technology Journal
Is Information Security Under Control?: Investigating Quality in Information Security Management
IEEE Security and Privacy
Security and Trust in IT Business Outsourcing: a Manifesto
Electronic Notes in Theoretical Computer Science (ENTCS)
An algorithm for the appraisal of assurance indicators for complex business processes
Proceedings of the 2007 ACM workshop on Quality of protection
Trust management for secure information flows
Proceedings of the 15th ACM conference on Computer and communications security
Economic acceptable risk assessment model
Proceedings of the 5th annual conference on Information security curriculum development
Formalizing information security knowledge
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
How to determine threat probabilities using ontologies and Bayesian networks
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Improving risk assessment methodology: a statistical design of experiments approach
Proceedings of the 2nd international conference on Security of information and networks
N±ε: Reflecting Local Risk Assessment in LoA
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Scalable attack graph for risk assessment
ICOIN'09 Proceedings of the 23rd international conference on Information Networking
Quantified security is a weak hypothesis: a critical survey of results and assumptions
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
VRRM: a value-based requirements' risk management process
SE '08 Proceedings of the IASTED International Conference on Software Engineering
Strategic games on defense trees
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Formal approach to security metrics: what does "more secure" mean for you?
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Value-based argumentation for justifying compliance
DEON'10 Proceedings of the 10th international conference on Deontic logic in computer science
A cost-based analysis of intrusion detection system configuration under active or passive response
Decision Support Systems
An ontology- and Bayesian-based approach for determining threat probabilities
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Formal analysis of security metrics and risk
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Towards legal privacy risk assessment and specification
TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
Model-based qualitative risk assessment for availability of IT infrastructures
Software and Systems Modeling (SoSyM)
Mapping between classical risk management and game theoretical approaches
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Influence of attribute freshness on decision making in usage control
STM'10 Proceedings of the 6th international conference on Security and trust management
Appraisal and reporting of security assurance at operational systems level
Journal of Systems and Software
An advanced generation model for a security data warehouse
OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems
A security risk analysis model for information systems
AsiaSim'04 Proceedings of the Third Asian simulation conference on Systems Modeling and Simulation: theory and applications
Vulnerabilities and threats in distributed systems
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
Using hidden markov models to evaluate the risks of intrusions
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Graceful privilege reduction in RFID security
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
A probabilistic approach to estimate the damage propagation of cyber attacks
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
CIMMACS'11/ISP'11 Proceedings of the 10th WSEAS international conference on Computational Intelligence, Man-Machine Systems and Cybernetics, and proceedings of the 10th WSEAS international conference on Information Security and Privacy
SP 800-144. Guidelines on Security and Privacy in Public Cloud Computing
A System-Aware Cyber Security architecture
Systems Engineering
Threat scenario-based security risk analysis using use case modeling in information systems
Security and Communication Networks
A two-phase quantitative methodology for enterprise information security risk analysis
Proceedings of the CUBE International Information Technology Conference
Intended actions: risk is conflicting incentives
ISC'12 Proceedings of the 15th international conference on Information Security
E-Voting Risk Assessment: A Threat Tree for Direct Recording Electronic Systems
International Journal of Information Security and Privacy
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks
International Journal of Secure Software Engineering
Understanding insiders: An analysis of risk-taking behavior
Information Systems Frontiers
On identifying proper security mechanisms
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Implementing graceful RFID privilege reduction
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
A review of research on risk analysis methods for IT systems
Proceedings of the 17th International Conference on Evaluation and Assessment in Software Engineering
Public key infrastructure for UAE: a case study
Proceedings of the 6th International Conference on Security of Information and Networks
An approach to select cost-effective risk countermeasures
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Organizations use risk assessment, the first step in the risk management methodology, to determine the extent of the potential threat, vulnerabilities, and the risk associated with an information technology (IT) system. The output of this process helps to identify appropriate controls for reducing or eliminating risk during the risk mitigation process, the second step of risk management, which involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process. This guide provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems throughout their system development life cycle (SDLC). The ultimate goal is to help organizations to better manage IT-related mission risks.

Organizations may choose to expand or abbreviate the comprehensive processes and steps suggested in this guide and tailor them to their site environment in managing IT-related mission risks. In addition, this guide provides information on the selection of cost-effective security controls. These controls can be used to mitigate risk for the better protection of mission-critical information and the IT systems that process, store, and carry this information.

The third step in the process is continual evaluation and assessment. In most organizations, IT systems will continually be expanded and updated, their components changed, and their software applications replaced or updated with newer versions. In addition, personnel changes will occur and security policies are likely to change over time. These changes mean that new risks will surface and risks previously mitigated may again become a concern. Thus, the risk management process is ongoing and evolving.