Show simple item record

dc.contributor.authorSun, Lili
dc.contributor.authorSrivastava, Rajendra P.
dc.contributor.authorMock, Theodore J.
dc.date.accessioned2013-04-10T17:13:22Z
dc.date.available2013-04-10T17:13:22Z
dc.date.issued2006
dc.identifier.citationSrivastava, Rajendra. (2006) An Information Systems Security Risk Assessment Model under Dempster-Shafer Theory of Belief Functions. Journal of Management Information Systems, 22 (4), 109-142.
dc.identifier.urihttp://hdl.handle.net/1808/10994
dc.descriptionThis is the author's final draft. The publisher's official version is available from:<http://www.jmis-web.org/>.
dc.description.abstractThis study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related counter measures and their interrelationships when estimating ISS risk. Secondly, the methodology employs the belief function definition of risk, that is, ISS risk is the plausibility of information system security failures. The proposed approach has other appealing features, such as facilitating cost-benefit analyses to help promote efficient ISS risk management. The paper both elaborates the theoretical concepts and provides operational guidance for implementing the method. The method is illustrated using a hypothetical example from the perspective of management and a real-world example from the perspective of external assurance providers. Sensitivity analyses are performed to evaluate the impact of important parameters on the model’s results.
dc.language.isoen
dc.publisherM.E. Sharpe
dc.subjectInformation systems security
dc.subjectRisk Analysis
dc.subjectEvidential reasoning
dc.subjectBelief Function Theory
dc.subjectCost Benefit Analysis
dc.subjectSensitive Analysis
dc.titleAn Information Systems Security Risk Assessment Model Under Dempster- Schafer Theory of Belief Functions
dc.typeArticle
kusw.kuauthorSrivastava, Rajendra P.
kusw.kudepartmentSchool of Business
kusw.oastatusfullparticipation
dc.identifier.doi10.2753/MIS0742-1222220405
kusw.oaversionScholarly/refereed, author accepted manuscript
kusw.oapolicyThis item meets KU Open Access policy criteria.
dc.rights.accessrightsopenAccess


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record