CSec CRA Bibliography

Aljafari, R., Sarnikar, S. (2010). "A Risk Assessment Framework for Inter-Organizational Knowledge Sharing." Sprouts: Working Papers on Information Systems, 10(29).

Aljafari, Ruba and Sarnikar, Surendra, "A Framework for Assessing Knowledge Sharing Risks in Interorganizational Networks" (2009). AMCIS 2009 Proceedings. Paper 572.

Bakker, Rene (2010) Taking stock of temporary organizational forms: a systematic review and research agenda. International Journal of Management Reviews, 12(4), pp. 466-486.

Bowker, Mark. Virtualization Maturity and Experience Breed Success. Enterprise Strategy Group: Policy Brief. August 27, 2012

Byres, Eric, and Justin Lowe. "The myths and facts behind cyber security risks for industrial control systems." Proceedings of the VDE Kongress. Vol. 116. 2004.

Casas, Victoriano, "An Information Security Risk Assessment Model for Public and University Administrators" (2006). Applied Research Projects, Texas State University-San Marcos.

Chris I. Cain, Erik Couture. Establishing a Security Metrics Program. Final Project.

Zobel, C. W., & Khansa, L. (2012). Quantifying Cyberinfrastructure Resilience against Multi-Event Attacks. Decision Sciences, 43(4), 687-710.

Cloppert, Mike. "Security Intelligence: Attacking the Cyber Kill Chain". 2009. Blog: SANS Digital Forensics and Incident Response

El-Gayar, Omar F., and Brian D. Fritz. "A web-based multi-perspective decision support system for information security planning." Decision Support Systems 50.1 (2010): 43-54.

Feng, Nan, and Jing Xie. "A Bayesian networks-based security risk analysis model for information systems integrating the observed cases with expert experience." Scientific Research and Essays 7.10 (2012): 1103-1112.

Feng, Nan, and Jing Xie. "A Hybrid Approach of Evidence Theory and Rough Sets for ISS Risk Assessment." Journal of Networks 7.2 (2012).

Feng, Nan, and Xue Yu. "A Data-driven Assessment Model for Information Systems Security Risk Management." Journal of Computers 7.12 (2012).

Fenz, S., & Ekelhart, A. (2011). Verification, validation, and evaluation in information security risk management. IEEE Security & Privacy, 9(2), 58-65. IEEE Computer Society

Fonseca, Carlos M., and Peter J. Fleming. "An overview of evolutionary algorithms in multiobjective optimization." Evolutionary computation 3.1 (1995): 1-16.

Fukukawa, H., & Mock, T. J. (2012). Auditors' evidence evaluation and aggregation using beliefs and probabilities. International Journal of Approximate Reasoning, 53(2), 190-199.

Gammelgaard, J. (2010). Knowledge retrieval through virtual communities of practice. Behaviour & Information Technology, 29(4), 349-362.

Gao, L., Srivastava, R. P., & Mock, T. J. (2008). An Evidential Reasoning Approach to Integrating Fraud Schemes into Fraud Risk Assessment.

Gordon, A., Belik, I., & Rahimi, S. (2010). A Hybrid Expert System for IT Security Risk Assessment. In PDPTA (pp. 430-434).

Hammer, B., & Boggs, R. A. 2011, Information Systems Principles for Developing Secure Information Systems. Proc. Informing Science & IT Education Conference. ISSN 1535-07-03

Hoadley, E. D., Deibel, J., Kistner, C., Rice, P., & Sokhey, S. (2012). Seeking Best Practices In The Balancing Act Between Data Security And Operational Effectiveness. International Journal of Management & Information Systems (IJMIS), 16(2), 183-188.

James F. Broder. Summary of the book: Risk Analysis and Security Survey, 1986, National Criminal Justice Institute Reference Service

Jaquith, Andrew. Security Metrics: Replacing Fear, Uncertainty, and Doubt. Upper Saddle River, NJ: Addison-Wesley, 2007.

K. Charitoudi and A. Blyth, "A Socio-Technical Approach to Cyber Risk Management and Impact Assessment," Journal of Information Security, Vol. 4 No. 1, 2013, pp. 33-41.

Leon, Pedro, et al. "Why Johnny can't opt out: A usability evaluation of tools to limit online behavioral advertising." Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2012.

Lili Sun, Rajendra P. Srivastava and Theodore J. Mock. (2006) An Information Systems Security Risk Assessment Model under the Dempster-Shafer Theory of Belief Functions. Journal of Management Information Systems, 22(4): 109-142.

Loai Zomlot, Sathya Chandran Sundaramurthy, Kui Luo, Xinming Ou, and S. Raj Rajagopalan: Prioritizing intrusion analysis using Dempster-Shafer theory. 4th ACM Workshop on Artificial Intelligence and Security (AISec), Chicago, USA, Oct. 2011.

L.S. Iliadis, A decision support system applying an integrated fuzzy model for long-term forest fire risk estimation, Environmental Modelling & Software, Volume 20, Issue 5, May 2005, Pages 613-621.

Mock, T. J., Sun, L., Srivastava, R. P., & Vasarhelyi, M. (2009). An evidential reasoning approach to Sarbanes-Oxley mandated internal control risk assessment. International Journal of Accounting Information Systems, 10(2), 65-78.

Qi, Y., Wang, Y., & Li, Q. (2012). Network Security Risk Assessment Model and Method Based on Situation Awareness and CORAS. In Instrumentation, Measurement, Circuits and Systems (pp. 191-204).

Robinson, Rich. 2010. PC Security Handbook. v.2.

Srivastava, R. P. (2011). An introduction to evidential reasoning for decision making under uncertainty: Bayesian and belief function perspectives. International Journal of Accounting Information Systems, 12(2), 126-135.

Srivastava, R. P., Gao, L., & Gillett, P. R. (2009). Representation of interrelationships among binary variables under Dempster-Shafer theory of belief functions. International Journal of Intelligent Systems, 24(4), 459-475.

Srivastava, R. P., & Jones, S. (2008). A Belief-Function Perspective to Default Risk Assessments. Advances in the Modeling of Credit Risk and Corporate Bankruptcy, Cambridge University Press, Cambridge, UK.

Srivastava, R. P., Mock, T. J. and Gao, L. (2011), The Dempster-Shafer Theory: An Introduction and Fraud Risk Assessment Illustration. Australian Accounting Review, 21: 282-291.

Srivastava, R. P., Mock, T. J., & Turner, J. L. (2009). Bayesian and Belief-Functions Formulas for Auditor Independence Risk Assessment. International Journal of Auditing, 13(3), 163-183.

Tanaka, H. (2009, October). Quantitative analysis of information security interdependency between industrial sectors. In Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement (pp. 574-583).

Wang, P, Chao, K-M, Lo, C-C, Huang, C-L and Younas, M (2007) A fuzzy outranking approach in risk analysis of web service security. Cluster Computing: The Journal of Networks, Software Tools and Applications, 10 (1). pp. 47-55.

Xu, G., Feng, Z., Li, X., Wu, H., Yu, Y., Chen, S., & Rao, G. (2009). TSM-Trust: a time-cognition based computational model for trust dynamics. In Information and Communications Security (pp. 385-395). Springer Berlin Heidelberg.

Yazar, Z. (2002). A qualitative risk analysis and management tool-CRAMM. SANS InfoSec Reading Room White Paper.

Young, William, and Nancy G. Leveson. "An integrated approach to safety and security based on systems theory." Communications of the ACM 57.2 (2014): 31-35.

Zhao, Z., Hu, H., Ahn, G. J., & Wu, R. (2012). Risk-aware mitigation for MANET routing attacks. Dependable and Secure Computing, IEEE Transactions on, 9(2), 250-260.

Zhao, Z., Hu, H., Ahn, G. J., & Wu, R. (2010, December). Risk-aware response for mitigating MANET routing attacks. In Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE (pp. 1-6). IEEE.