With the increasing organizational dependence on information systems, information systems security has become a critical issue in enterprise risk management. In information systems, security risks are caused by various interrelated internal and external factors. A security vulnerability can also propagate and escalate through the causal chains of risk factors via multiple paths, leading to different system security risks. To identify the causal relationships among risk factors and to analyze the complexity and uncertainty of vulnerability propagation, this paper proposes a security risk analysis model (SRAM). In SRAM, a Bayesian network (BN) is developed to simultaneously define the risk factors and their causal relationships, based on knowledge from observed cases and domain experts. Security vulnerability propagation analysis is then performed to determine the propagation paths with the highest probability and the largest estimated risk value. SRAM enables organizations to establish proactive security risk management plans for information systems, which is validated via a case study.