Managing vulnerabilities of information systems to security incidents

Authors:
Fariborz Farahmand;Shamkant B. Navathe;Philip H. Enslow;Gunter P. Sharp
Affiliations:
College of Computing, Georgia Institute of Technology;College of Computing, Georgia Institute of Technology;School of Industrial & Systems Engineering Georgia Institute of Technology;College of Computing, Georgia Institute of Technology
Venue:
ICEC '03 Proceedings of the 5th international conference on Electronic commerce
Year:
2003

Citing 3
Cited 11

Computer security: a comprehensive controls checklist

Computer security: a comprehensive controls checklist
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Security service level agreements: quantifiable security for the enterprise?

Proceedings of the 1999 workshop on New security paradigms

A Management Perspective on Risk of Security Threats to Information Systems

Information Technology and Management
Optimal resource allocation for securing an enterprise information infrastructure

Proceedings of the 4th international IFIP/ACM Latin American conference on Networking
Assessing the risk of intercepting VoIP calls

Computer Networks: The International Journal of Computer and Telecommunications Networking
Risk assessment in practice: A real case study

Computer Communications
Towards more secure systems: how to combine expert evaluations

Proceedings of the 4th international conference on Security and privacy in communication netowrks
Understanding the Value of Countermeasure Portfolios in Information Systems Security

Journal of Management Information Systems
An audit framework to support information system security management

International Journal of Electronic Security and Digital Forensics
Reduction of interorganization web services peers incidents by deployment of asynchronous computing environment profile unification methodology (ACEPUM)

TELE-INFO'06 Proceedings of the 5th WSEAS international conference on Telecommunications and informatics
Contextual constraints in media choice: Beyond information richness

Decision Support Systems
Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements

International Journal of Information Management: The Journal for Information Professionals
Managing the investment in information security technology by use of a quantitative modeling

Information Processing and Management: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Information security-conscious managers of organizations have the responsibility to advise their senior management of the level of risks faced by the information systems. This requires managers to conduct vulnerability assessment as the first step of a risk analysis approach. However, a lack of real world data classification of security threats and develops a three-axis view of the threat space. It develops a scheme for probabilistic evaluation of impact of the security threats and proposes a risk management system consisting of a five-step approach. The goal is to assess the expected damages due to attacks, and managing the risk of attacks.