Curtin University Homepage
  • Library
  • Help
    • Admin

    espace - Curtin’s institutional repository

    JavaScript is disabled for your browser. Some features of this site may not work without it.
    View Item 
    • espace Home
    • espace
    • Curtin Research Publications
    • View Item
    • espace Home
    • espace
    • Curtin Research Publications
    • View Item

    The Information Security Risk Estimation Engine: A Tool for Possibility Based Risk Assessment

    Access Status
    Fulltext not available
    Authors
    Baskerville, Richard
    Kim, J.
    Stucke, C.
    Sainsbury, R.
    Date
    2013
    Type
    Conference Paper
    
    Metadata
    Show full item record
    Citation
    Baskerville, R. and Kim, J. and Stucke, C. and Sainsbury, R. 2013. The Information Security Risk Estimation Engine: A Tool for Possibility Based Risk Assessment, in Vance, A. (ed), Proceedings of The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.13, Oct 4-5 2013. Niagara Falls, NY: The State University of Buffalo.
    Source Title
    Proceedings of 2013 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop
    Source Conference
    The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.1
    URI
    http://hdl.handle.net/20.500.11937/3995
    Collection
    • Curtin Research Publications
    Abstract

    Risk analysis methods help evaluate the costs of information security controls in relation to their benefits. Despite dramatic changes in the constellation of information security risks, the basic approach to these risk calculation methods remains unchanged. The fundamental mathematics underlying these methods is anchored to probability theory. Probability has the advantage of being widely known and conceptually simple. But it has a disadvantage in its grounding on expert estimates of frequency data because such data is often publicly unavailable. This paper proposes the use of possibility theory as an alternative grounding for information security risk calculations. Possibility theory assumes the data grounding will be estimations. The estimations include expert evaluations of both possibility and likelihood of risks. Using a design science research approach, we use possibility theory as the kernel theory in developing and evaluating a practical possibility-based risk estimation prototype. The results offer an expanded grounding to improve information security risk analysis through the use of a broader portfolio of distinct methodologies anchored to alternative mathematical theories of evidence.

    Related items

    Showing items related by title, author, creator and subject.

    • An analysis of Australian mutual fund performance and market relationships
      Pojanavatee, Sasipa (2013)
      Mutual funds are emerging as an opportunity for investors to automatically diversify their investments in such a way that all their money is pooled and the investment decisions are left to a professional manager. There ...
    • Entries and exits from homelessness: A dynamic analysis of the relationship between structural conditions and individual characteristics
      Johnson, G.; Scutella, R.; Tseng, Y.; Wood, Gavin; Guy, J.; Rosanna, S.; Yi-Ping, T.; Gavin, W. (2015)
      This report examines the relationship between structural factors, individual characteristics and homelessness. Our interest in the interaction of structural conditions and individual characteristics gives rise to two ...
    • Generative Control Theory for Information Security
      Raymond, B.; Baskerville, Richard (2014)
      Increasing information security losses, coupled with more closely regulated security risk disclosure, are raising the importance of information security standards for identifying control gaps and for implementing appropriate ...
    Advanced search

    Browse

    Communities & CollectionsIssue DateAuthorTitleSubjectDocument TypeThis CollectionIssue DateAuthorTitleSubjectDocument Type

    My Account

    Admin

    Statistics

    Most Popular ItemsStatistics by CountryMost Popular Authors

    Follow Curtin

    • 
    • 
    • 
    • 
    • 

    CRICOS Provider Code: 00301JABN: 99 143 842 569TEQSA: PRV12158

    Copyright | Disclaimer | Privacy statement | Accessibility

    Curtin would like to pay respect to the Aboriginal and Torres Strait Islander members of our community by acknowledging the traditional owners of the land on which the Perth campus is located, the Whadjuk people of the Nyungar Nation; and on our Kalgoorlie campus, the Wongutha people of the North-Eastern Goldfields.