An Information Systems Security Risk Assessment Model under the Dempster-Shafer Theory of Belief Functions

This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a...

Ausführliche Beschreibung

Bibliographische Detailangaben
Veröffentlicht in:	Journal of Management Information Systems. - Taylor & Francis, Ltd.. - 22(2006), 4, Seite 109-142
1. Verfasser:	Sun, Lili (VerfasserIn)
Weitere Verfasser:	Srivastava, Rajendra P., Mock, Theodore J.
Format:	Online-Aufsatz
Sprache:	English
Veröffentlicht:	2006
Zugriff auf das übergeordnete Werk:	Journal of Management Information Systems
Schlagworte:	belief function theory cost-benefit analysis evidential reasoning information systems security risk analysis sensitivity analysis Economics Applied sciences Business Mathematics mehr... Behavioral sciences Information science Philosophy


LEADER	01000caa a22002652 4500
001	JST04975209X
003	DE-627
005	20240621171211.0
007	cr uuu---uuuuu
008	150324s2006 xx \|\|\|\|\|o 00\| \|\|eng c
035			\|a (DE-627)JST04975209X
035			\|a (JST)40398815
040			\|a DE-627 \|b ger \|c DE-627 \|e rakwb
041			\|a eng
100	1		\|a Sun, Lili \|e verfasserin \|4 aut
245	1	3	\|a An Information Systems Security Risk Assessment Model under the Dempster-Shafer Theory of Belief Functions
264		1	\|c 2006
336			\|a Text \|b txt \|2 rdacontent
337			\|a Computermedien \|b c \|2 rdamedia
338			\|a Online-Ressource \|b cr \|2 rdacarrier
520			\|a This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related countermeasures, and their interrelationships when estimating ISS risk. Second, the methodology employs the belief function definition of risk— that is, ISS risk is the plausibility of ISS failures. The proposed approach has other appealing features, such as facilitating costbenefit analyses to help promote efficient ISS risk management. The paper elaborates the theoretical concepts and provides operational guidance for implementing the method. The method is illustrated using a hypothetical example from the perspective of management and a real-world example from the perspective of external assurance providers. Sensitivity analyses are performed to evaluate the impact of important parameters on the model's results.
540			\|a Copyright 2006 M. E. Sharpe, Inc.
650		4	\|a belief function theory
650		4	\|a cost-benefit analysis
650		4	\|a evidential reasoning
650		4	\|a information systems security
650		4	\|a risk analysis
650		4	\|a sensitivity analysis
650		4	\|a Economics \|x Economic disciplines \|x Financial economics \|x Finance \|x Financial analysis \|x Risk management \|x Risk analysis
650		4	\|a Applied sciences \|x Computer science \|x Computer engineering \|x Computer software \|x Software applications \|x Information storage and retrieval systems
650		4	\|a Business \|x Accountancy \|x Auditing \|x Business audits \|x Management audits
650		4	\|a Mathematics \|x Applied mathematics \|x Mathematical modeling \|x Sensitivity analysis
650		4	\|a Behavioral sciences \|x Psychology \|x Cognitive psychology \|x Cognitive processes \|x Thought processes \|x Reasoning
650		4	\|a Applied sciences \|x Technology \|x Safety devices \|x Security systems
650		4	\|a Information science \|x Information management \|x Data management \|x Data architecture \|x Data security
650		4	\|a Applied sciences \|x Research methods \|x Modeling
650		4	\|a Business \|x Accountancy \|x Auditing \|x Financial audits
650		4	\|a Philosophy \|x Epistemology \|x Ambiguity
655		4	\|a research-article
700	1		\|a Srivastava, Rajendra P. \|e verfasserin \|4 aut
700	1		\|a Mock, Theodore J. \|e verfasserin \|4 aut
773	0	8	\|i Enthalten in \|t Journal of Management Information Systems \|d Taylor & Francis, Ltd. \|g 22(2006), 4, Seite 109-142 \|w (DE-627)32495817X \|w (DE-600)2033010-8 \|x 1557928X \|7 nnns
773	1	8	\|g volume:22 \|g year:2006 \|g number:4 \|g pages:109-142
856	4	0	\|u https://www.jstor.org/stable/40398815 \|3 Volltext
912			\|a GBV_USEFLAG_A
912			\|a SYSFLAG_A
912			\|a GBV_JST
912			\|a GBV_ILN_11
912			\|a GBV_ILN_20
912			\|a GBV_ILN_22
912			\|a GBV_ILN_23
912			\|a GBV_ILN_24
912			\|a GBV_ILN_26
912			\|a GBV_ILN_31
912			\|a GBV_ILN_32
912			\|a GBV_ILN_39
912			\|a GBV_ILN_40
912			\|a GBV_ILN_60
912			\|a GBV_ILN_62
912			\|a GBV_ILN_63
912			\|a GBV_ILN_65
912			\|a GBV_ILN_69
912			\|a GBV_ILN_70
912			\|a GBV_ILN_90
912			\|a GBV_ILN_95
912			\|a GBV_ILN_100
912			\|a GBV_ILN_110
912			\|a GBV_ILN_120
912			\|a GBV_ILN_151
912			\|a GBV_ILN_152
912			\|a GBV_ILN_187
912			\|a GBV_ILN_224
912			\|a GBV_ILN_285
912			\|a GBV_ILN_370
912			\|a GBV_ILN_374
912			\|a GBV_ILN_647
912			\|a GBV_ILN_702
912			\|a GBV_ILN_2001
912			\|a GBV_ILN_2003
912			\|a GBV_ILN_2005
912			\|a GBV_ILN_2006
912			\|a GBV_ILN_2007
912			\|a GBV_ILN_2009
912			\|a GBV_ILN_2010
912			\|a GBV_ILN_2011
912			\|a GBV_ILN_2014
912			\|a GBV_ILN_2015
912			\|a GBV_ILN_2018
912			\|a GBV_ILN_2020
912			\|a GBV_ILN_2021
912			\|a GBV_ILN_2025
912			\|a GBV_ILN_2026
912			\|a GBV_ILN_2027
912			\|a GBV_ILN_2034
912			\|a GBV_ILN_2044
912			\|a GBV_ILN_2048
912			\|a GBV_ILN_2050
912			\|a GBV_ILN_2055
912			\|a GBV_ILN_2056
912			\|a GBV_ILN_2057
912			\|a GBV_ILN_2059
912			\|a GBV_ILN_2061
912			\|a GBV_ILN_2065
912			\|a GBV_ILN_2068
912			\|a GBV_ILN_2088
912			\|a GBV_ILN_2093
912			\|a GBV_ILN_2106
912			\|a GBV_ILN_2107
912			\|a GBV_ILN_2108
912			\|a GBV_ILN_2111
912			\|a GBV_ILN_2112
912			\|a GBV_ILN_2113
912			\|a GBV_ILN_2118
912			\|a GBV_ILN_2119
912			\|a GBV_ILN_2122
912			\|a GBV_ILN_2129
912			\|a GBV_ILN_2143
912			\|a GBV_ILN_2147
912			\|a GBV_ILN_2148
912			\|a GBV_ILN_2152
912			\|a GBV_ILN_2153
912			\|a GBV_ILN_2190
912			\|a GBV_ILN_2232
912			\|a GBV_ILN_2336
912			\|a GBV_ILN_2470
912			\|a GBV_ILN_2472
912			\|a GBV_ILN_2507
912			\|a GBV_ILN_2548
912			\|a GBV_ILN_2949
912			\|a GBV_ILN_2950
912			\|a GBV_ILN_4035
912			\|a GBV_ILN_4037
912			\|a GBV_ILN_4046
912			\|a GBV_ILN_4112
912			\|a GBV_ILN_4125
912			\|a GBV_ILN_4126
912			\|a GBV_ILN_4242
912			\|a GBV_ILN_4246
912			\|a GBV_ILN_4249
912			\|a GBV_ILN_4251
912			\|a GBV_ILN_4305
912			\|a GBV_ILN_4306
912			\|a GBV_ILN_4307
912			\|a GBV_ILN_4313
912			\|a GBV_ILN_4322
912			\|a GBV_ILN_4323
912			\|a GBV_ILN_4324
912			\|a GBV_ILN_4325
912			\|a GBV_ILN_4326
912			\|a GBV_ILN_4335
912			\|a GBV_ILN_4338
912			\|a GBV_ILN_4346
912			\|a GBV_ILN_4393
912			\|a GBV_ILN_4700
951			\|a AR
952			\|d 22 \|j 2006 \|e 4 \|h 109-142