A tentative proposal: improving information assurance risk analysis models for small- and medium-sized enterprises through adoption of an open development model
Source: Information security curriculum development
Proceedings of the 3rd annual conference on Information security curriculum development
Kennesaw, Georgia
Session: Practice
Pages: 194 - 196
Year of Publication: 2006
ISBN: 1-59593-437-5
Authors
John C. Beachboard  Idaho State University, Pocatello, Idaho
Alma Cole  NIATEC, Pocatello, Idaho
Mike Mellor  NIATEC, Pocatello, Idaho
Steven Hernandez  NIATEC, Pocatello, Idaho
Kregg Aytes  Idaho State University, Pocatello, Idaho
Nelson Massad  Florida Atlantic University, Jupiter, Florida
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 73,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1231047.1231073

ABSTRACT

Despite the availability of numerous methods and publications concerning the proper conduct of information security risk analyses, "there is a relative dearth of insights that help firms to understand the socio-organizational challenges of managing the deployment and use of these tools to prevent IS security compromises" [3, p. 3627]. This paper builds a case for, and then briefly outlines, a possible approach to developing an "open development" strategy to address recognized deficiencies in the area of risk analysis. This is an abbreviated version of a longer paper that describes the identified initiatives in greater detail. For a complete version of this paper, please contact the first author.


REFERENCES


 
[1]
[2]
[3] Mooney, J., Chun, M., Hovav, A., George, J., & Griffy-Brown, C. (2005). Are prevailing theories and practices of IS security management adequate? An evaluation and call to action. In Proceedings of the Eleventh Americas Conference on Information Systems (p. 3627). Omaha, NE: Association for Information Systems.
[4] National Institute of Standards and Technology. (2002). Risk management guide for information technology systems (Special Publication 800-30). Washington, DC: U.S. Government Printing Office.
[5] OCTAVE methods. (2003). Available: http://www.cert.org/octave/methods.html (Accessed 9 February 2006).
[6]
[7] RiskWatch: Information systems & ISO 1799 2005 Product Sheet. (2005). Available: http://www.riskwatch.com/ProductSheets/RW-IS_Product_Flyer_0705.pdf (Accessed 31 January 2006).
[8]
[9] Sourceforge.net FAQ. (2006). Available: http://sourceforge.net/docs/about.
[10]
