dc.contributor.author | Sun, Lili | |
dc.contributor.author | Srivastava, Rajendra P. | |
dc.contributor.author | Mock, Theodore J. | |
dc.date.accessioned | 2013-04-10T17:13:22Z | |
dc.date.available | 2013-04-10T17:13:22Z | |
dc.date.issued | 2006 | |
dc.identifier.citation | Srivastava, Rajendra. (2006) An Information Systems Security Risk Assessment Model under Dempster-Shafer Theory of Belief Functions. Journal of Management Information Systems, 22 (4), 109-142. | |
dc.identifier.uri | http://hdl.handle.net/1808/10994 | |
dc.description | This is the author's final draft. The publisher's official version is available from:<http://www.jmis-web.org/>. | |
dc.description.abstract | This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related counter measures and their interrelationships when estimating ISS risk. Secondly, the methodology employs the belief function definition of risk, that is, ISS risk is the plausibility of information system security failures. The proposed approach has other appealing features, such as facilitating cost-benefit analyses to help promote efficient ISS risk management. The paper both elaborates the theoretical concepts and provides operational guidance for implementing the method. The method is illustrated using a hypothetical example from the perspective of management and a real-world example from the perspective of external assurance providers. Sensitivity analyses are performed to evaluate the impact of important parameters on the model’s results. | |
dc.language.iso | en | |
dc.publisher | M.E. Sharpe | |
dc.subject | Information systems security | |
dc.subject | Risk Analysis | |
dc.subject | Evidential reasoning | |
dc.subject | Belief Function Theory | |
dc.subject | Cost Benefit Analysis | |
dc.subject | Sensitivity Analysis | |
dc.title | An Information Systems Security Risk Assessment Model Under Dempster-Shafer Theory of Belief Functions | |
dc.type | Article | |
kusw.kuauthor | Srivastava, Rajendra P. | |
kusw.kudepartment | School of Business | |
kusw.oastatus | fullparticipation | |
dc.identifier.doi | 10.2753/MIS0742-1222220405 | |
kusw.oaversion | Scholarly/refereed, author accepted manuscript | |
kusw.oapolicy | This item meets KU Open Access policy criteria. | |
dc.rights.accessrights | openAccess | |