dc.contributor.author: Baskerville, Richard
dc.contributor.author: Kim, J.
dc.contributor.author: Stucke, C.
dc.contributor.author: Sainsbury, R.
dc.contributor.editor: H. Raghav Rao
dc.date.accessioned: 2017-01-30T10:35:43Z
dc.date.available: 2017-01-30T10:35:43Z
dc.date.created: 2015-07-16T06:22:06Z
dc.date.issued: 2013
dc.identifier.citation: Baskerville, R. and Kim, J. and Stucke, C. and Sainsbury, R. 2013. The Information Security Risk Estimation Engine: A Tool for Possibility Based Risk Assessment, in Vance, A. (ed), Proceedings of The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.13, Oct 4-5 2013. Niagara Falls, NY: The State University of Buffalo.
dc.identifier.uri: http://hdl.handle.net/20.500.11937/3995
dc.description.abstract:

Risk analysis methods help evaluate the costs of information security controls in relation to their benefits. Despite dramatic changes in the constellation of information security risks, the basic approach to these risk calculation methods remains unchanged. The fundamental mathematics underlying these methods is anchored to probability theory. Probability has the advantage of being widely known and conceptually simple. But it has a disadvantage in its grounding on expert estimates of frequency data because such data is often publicly unavailable. This paper proposes the use of possibility theory as an alternative grounding for information security risk calculations. Possibility theory assumes the data grounding will be estimations. The estimations include expert evaluations of both possibility and likelihood of risks. Using a design science research approach, we use possibility theory as the kernel theory in developing and evaluating a practical possibility-based risk estimation prototype. The results offer an expanded grounding to improve information security risk analysis through the use of a broader portfolio of distinct methodologies anchored to alternative mathematical theories of evidence.

dc.publisher: IFIP
dc.title: The Information Security Risk Estimation Engine: A Tool for Possibility Based Risk Assessment
dc.type: Conference Paper
dcterms.source.title: Proceedings of 2013 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop
dcterms.source.series: Proceedings of 2013 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop
dcterms.source.conference: The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.1
dcterms.source.conference-start-date: Oct 4 2013
dcterms.source.conferencelocation: Niagara Falls, New York, USA
dcterms.source.place: US
curtin.accessStatus: Fulltext not available

