The Information Security Risk Estimation Engine: A Tool for Possibility Based Risk Assessment
dc.contributor.author | Baskerville, Richard | |
dc.contributor.author | Kim, J. | |
dc.contributor.author | Stucke, C. | |
dc.contributor.author | Sainsbury, R. | |
dc.contributor.editor | H. Raghav Rao | |
dc.date.accessioned | 2017-01-30T10:35:43Z | |
dc.date.available | 2017-01-30T10:35:43Z | |
dc.date.created | 2015-07-16T06:22:06Z | |
dc.date.issued | 2013 | |
dc.identifier.citation | Baskerville, R. and Kim, J. and Stucke, C. and Sainsbury, R. 2013. The Information Security Risk Estimation Engine: A Tool for Possibility Based Risk Assessment, in Vance, A. (ed), Proceedings of The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.13, Oct 4-5 2013. Niagara Falls, NY: The State University of Buffalo. | |
dc.identifier.uri | http://hdl.handle.net/20.500.11937/3995 | |
dc.description.abstract |
Risk analysis methods help evaluate the costs of information security controls in relation to their benefits. Despite dramatic changes in the constellation of information security risks, the basic approach to these risk calculation methods remains unchanged. The fundamental mathematics underlying these methods is anchored to probability theory. Probability has the advantage of being widely known and conceptually simple. But it has a disadvantage in its grounding on expert estimates of frequency data because such data is often publicly unavailable. This paper proposes the use of possibility theory as an alternative grounding for information security risk calculations. Possibility theory assumes the data grounding will be estimations. The estimations include expert evaluations of both possibility and likelihood of risks. Using a design science research approach, we use possibility theory as the kernel theory in developing and evaluating a practical possibility-based risk estimation prototype. The results offer an expanded grounding to improve information security risk analysis through the use of a broader portfolio of distinct methodologies anchored to alternative mathematical theories of evidence. | |
dc.publisher | IFIP | |
dc.title | The Information Security Risk Estimation Engine: A Tool for Possibility Based Risk Assessment | |
dc.type | Conference Paper | |
dcterms.source.title | Proceedings of 2013 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop | |
dcterms.source.series | Proceedings of 2013 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop | |
dcterms.source.conference | The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.1 | |
dcterms.source.conference-start-date | Oct 4 2013 | |
dcterms.source.conferencelocation | Niagara Falls, New York, USA | |
dcterms.source.place | US | |
curtin.accessStatus | Fulltext not available |