Journal of Engineering and Applied Sciences
Year:
2017
Volume:
12
Issue:
3
Page No.
548 - 554
References
Alberts, C. and A. Dorofee, 2001. OCTAVE SM threat profiles. Pittsburgh Softw Eng. Inst., 2001: 1-14.
Alberts, C., A. Dorofee, J. Stevens and C. Woody, 2003. Introduction to the OCTAVE Approach. Carnegie Mellon University, Pittsburgh, Pennsylvania,.
Chandrashekhar, A.M., Y. Huded and S.H.S. Kumar, 2015. Advances in information security risk practices. Int. J. Adv. Res. Data Mining Cloud Comput., 3: 47-51.
Direct Link | Ekelhart, A., S. Fenz and T. Neubauer, 2009. Aurum: A framework for information security risk management. Proceedings of the 42nd Hawaii International Conference on System Sciences, January 5-8, 2009, IEEE, Austria, Vienna, ISBN: 978-0-7695-3450-3, pp: 1-10.
Feng, N., H.J. Wang and M. Li, 2014. A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Inform. Sci., 256: 57-73.
CrossRef | Direct Link | Fisk, G., C. Ardi, N. Pickett, J. Heidemann and M. Fisk
et al., 2015. Privacy principles for sharing cyber security data. Proceedings of the Workshops on 2015 IEEE Security and Privacy, May 21-22, 2015, IEEE, Los Alamos, New Mexico, ISBN: 978-1-4799-9933-0, pp: 193-197.
Gallon, L. and J.J. Bascou, 2011. CVSS attack graphs. Proceedings of the 2011 7th International Conference on Signal-Image Technology and Internet-Based Systems, November 28-December 1, 2011, IEEE, Mont-de-Marsan, France, ISBN: 978-1-4673-0431-3, pp: 24-31.
Gallon, L., 2011. Vulnerability discrimination using cvss framework. Proceedings of the 2011 4th IFIP International Conference on New Technologies, Mobility and Security, February 7-10, 2011, IEEE, Mont-de-Marsan, France, ISBN: 978-1-4244-8704-2, pp: 1-6.
Hussain, S., A. Kamal, S. Ahmad, G. Rasool and S. Iqbal, 2014. Threat modelling methodologies: A survey. Sci. Int., 26: 1607-1609.
Hussain, S., H. Erwin and P. Dunne, 2011. Threat modeling using formal methods: A new approach to develop secure web applications. Proceedings of the 2011 7th International Conference on Emerging Technologies, September 5-6, 2011, IEEE, Sunderland, England, ISBN:978-1-4577-0768-1, pp: 1-5.
Ibidapo, A.O., P. Zavarsky, D. Lindskog and R. Ruhl, 2011. An analysis of CVSS v2 environmental scoring. Proceedings of the 2011 IEEE 3rd International Conference on Privacy, Security, Risk and Trust (PASSAT) and Social Computing, October 9-11, 2011, IEEE, Edmonton, Alberta, ISBN: 978-1-4577-1931-8, pp: 1125-1130.
Jiang, L., H. Chen and F. Deng, 2010. A security evaluation method based on STRIDE model for web service. Proceedings of the 2010 2nd International Workshop on Intelligent Systems and Applications, May 22-23, 2010, IEEE, Changsha, China, ISBN: 978-1-4244-5874-5, pp: 1-5.
Jouini, M., L.B.A. Rabai and A.B. Aissa, 2014. Classification of security threats in information systems. Procedia Comput. Sci., 32: 489-496.
CrossRef | Direct Link | Lalanne, V., M. Munier and A. Gabillon, 2013. Information security risk management in a world of services. Proceedings of the 2013 International Conference on Social Computing, September 8-14, 2013, IEEE, Pau, Pyrénées-Atlantiques,France, ISBN:978-0-7695-5137-1, pp: 586-593.
Leitner, A. and B.I. Schaumuller, 2009. ARIMA-A new approach to implement ISO/IEC 27005. Proceedings of the 2nd International Conference on Logistics and Industrial Informatics, September 10-12, 2009, IEEE, Hagenberg, Algeria, ISBN:978-1-4244-3958-4, pp: 1-6.
Mayer, J. and L.L. Fagundes, 2009. A model to assess the maturity level of the risk management process in information security. Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management-Workshops, June 1-5, 2009, IEEE, São Leopoldo, Brazil, ISBN:978-1-4244-3923-2, pp: 61-70.
Padyab, A.M., T. Paivarinta and D. Harnesk, 2014. Genre-based assessment of information and knowledge security risks. Proceedings of the 2014 47th Hawaii International Conference on System Sciences, January 6-9, 2014, IEEE, Luleå, Sweden, ISBN:978-1-4799-2504-9, pp: 3442-3451.
Rao, K.R.M. and D. Pant, 2010. A threat risk modeling framework for Geospatial Weather Information System (GWIS): A DREAD based study. Int. J. Adv. Comput. Sci. Appl., 1: 20-28.
Direct Link | Saripalli, P. and B. Walters, 2010. Quirc: A quantitative impact and risk assessment framework for cloud security. Proceedings of the 3rd International Conference on Cloud Computing (CLOUD), July 5-10, 2010, IEEE, Coral Springs, Florida, ISBN:978-1-4244-8207-8, pp: 280-288.
Scandariato, R., K. Wuyts and W. Joosen, 2015. A descriptive study of Microsoft’s threat modeling technique. Requirements Eng., 20: 163-180.
CrossRef | Direct Link | Shedden, P., T. Ruighaver and A. Ahmad, 2006. Risk Management Standards of the Perception of Ease of Use. University of Melbourne, Melbourne, Victoria,.
Sherief, N.H., A.A.A. Hamid and K.M. Mahar, 2010. Threat-driven modeling framework for secure software using aspect-oriented Stochastic Petri nets. Proceedings of the 7th International Conference on Informatics and Systems, March 28-30, 2010, IEEE, Alexandria, Egypt, ISBN: 978-1-4244-5828-8, pp: 1-8.
Sultan, R. and S.Q. Abbas, 2015. Web services threats, vulnerabilities and countermeasures. Int. J. Adv. Res. Comput. Sci. Manage. Stud., 3: 243-252.
Direct Link | Syalim, A., Y. Hori and K. Sakurai, 2009. Comparison of risk analysis methods: Mehari, magerit, NIST800-30 and microsoft's security management guide. Proceedings of the International Conference on Availability, Reliability and Security, March 16-19, 2009, Fukuoka, Japan, pp: 726-731.
Thompson, D.R., J. Di and M.K. Daugherty, 2014. Teaching RFID information systems security. IEEE. Trans. Educ., 57: 42-47.
CrossRef | Direct Link | Torr, P., 2005. Demystifying the threat modeling process. IEEE. Secur. Privacy, 3: 66-70.
CrossRef | Direct Link | Tripathi, A. and U.K. Singh, 2011. Analyzing trends in vulnerability classes across CVSS metrics. Int. J. Comput. Appl., 36: 38-44.
Direct Link | Xin, T. and B. Xiaofang, 2014. Online banking security analysis based on STRIDE threat model. Int. J. Secur. Appl., 8: 271-282.
Direct Link | Zhang, X., N. Wuwong, H. Li and X. Zhang, 2010. Information security risk management framework for the cloud computing environments. Proceedings of the 10th International Conference on Computer and Information Technology, June 29-July 1, 2010, Bradford, UK., pp: 1328-1334.
Zulkernine, M. and S.I. Ahamed, 2006. Software Security Engineering: Toward Unifying Software. In: Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues; Managerial and Technical Issues, Merrill, W. (Ed.). Mississippi State University, Starkville, Mississippi, pp: 215-232.