| Development of a Failure Mode and Effects Analysis Based Risk Assessment Tool for Information Security |
|
Lai, Lotto Kim Hung
(Hong Kong Science and Technology Parks Corporation)
Chin, Kwai Sang (Department of Systems Engineering and Engineering Management, City University of Hong Kong) |
| 1 | Baker, W. H. and Wallace, L. (2007), Is information security under control? Investigating quality in information security management, IEEE Security and Privacy, 5(1), 36-44. DOI |
| 2 | Barlette, Y. and Fomin, V. V. (2008), Exploring the suitability of IS security management standards for SMEs, Proceedings of the 41st Hawaii International Conference on System Sciences, Waikoloa, HI, 1-10. |
| 3 | Baskerville, R. (1991), Risk analysis: an interpretive feasibility tool in justifying information systems security, European Journal of Information Systems, 1(2), 121-130. DOI |
| 4 | Brenner, J. (2007), ISO 27001: Risk management and compliance, Risk Management, 54(1), 24-29. |
| 5 | British Standards Institution (2008), BS 31100:2008 Risk management - Code of practice. |
| 6 | British Standards Institution (2011), BS 31100:2011 Risk management - Code of practice and guidance for the implementation of BS ISO 31000. |
| 7 | Broderick, J. S. (2006), ISMS, security standards and security regulations, Information Security Technical Report, 11(1), 26-31. DOI ScienceOn |
| 8 | Chin, K. S., Chan, A., and Yang, J. B. (2008), Development of a fuzzy FMEA based product design system, International Journal of Advanced Manufacturing Technology, 36(7-8), 633-649 DOI ScienceOn |
| 9 | Chin, K. S., Wang, Y. M., Poon, G. K. K., and Yang, J. B. (2009), Failure mode and effects analysis using a group-based evidential reasoning approach, Computers and Operations Research, 36(6), 1768-1779. DOI ScienceOn |
| 10 | Humphreys, E. (2008), Information security management standards: compliance, governance and risk management, Information Security Technical Report, 13(4), 247-255. DOI ScienceOn |
| 11 | Fomin, V. V., de Vries H. J., Barlette, Y., and Montpellier, F. (2008), ISO/IEC 27001 Information Systems Security Management Standard: exploring the reasons for low adoption, Proceedings of the 3rd European Conference on Management of Technology, Nice, France. |
| 12 | Fung, C. M. (2004), The implementation procedures for information security management (access control) in BS 7799/ISO 17799, M. S. Thesis, Department of Manufacturing Engineering and Engineering Management, City University of Hong Kong, China. |
| 13 | Halliday, S., Badenhorst, K., and Von Solms, R. (1996), A business approach to effective information technology risk analysis and management, Information Management and Computer Security, 4(1), 19-31. DOI |
| 14 | International Organization for Standardization (2009), ISO 31000:2009, Risk management - Principles and guidelines. |
| 15 | International Organization for Standardization (2000), ISO/IEC 17799:2000 Information technology - Code of practice for information security management. |
| 16 | International Organization for Standardization (2002), ISO/IEC Guide 73:2002 Risk management - Vocabulary - Guidelines for use in standards. |
| 17 | International Organization for Standardization (2005), ISO/IEC 27001:2005, Information technology - Security techniques - Information security management system-Requirements. |
| 18 | International Organization for Standardization (2011), ISO/IEC 27005:2011 Information technology - Security techniques - Information security risk management. |
| 19 | Kwok, L. F. and Longley, D. (1999), Information security management and modeling, Information Management and Computer Security, 7(1), 30-39. DOI ScienceOn |
| 20 | Lai, L. K. H., Chin, K. S., and Tsang, A. H. C. (2010), Risk management of information security: information security FMEA circle, Proceedings of the 8th Asia Network for Quality (ANQ) Congress, New Delhi, India, paper HK01. |
| 21 | Standards Association of Australia (1999), AS/NZS 4360: 1999 Risk management. |
| 22 | Misra, S. C., Kumar, V., and Kumar, U. (2007), A strategic modeling technique for information security risk assessment, Information Management and Computer Security, 15(1), 64-77. DOI |
| 23 | Segismundo, A. and Miguel P. A. C. (2008), Failure mode and effects analysis (FMEA) in the context of risk management in new product development: a case study in an automotive company, International Journal of Quality and Reliability Management, 25(9), 899-912. DOI |
| 24 | British Standards Institution (2006), BS EN 60812:2006 Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA). |
| 25 | Spinellis, D., Kokolakis, S., and Gritzalis, S. (1999), Security requirements, risks and recommendations for small enterprise and home-office environments, Information Management and Computer Security, 7(3), 121-128. DOI |
| 26 | Tsohou, A., Karyda, M., Kokolakis, S., and Kiountouzis, E. (2006), Formulating information systems risk management strategies through cultural theory, Information Management and Computer Security, 14(3), 198-217. DOI |
| 27 | Wang, Y. M., Chin, K. S., Poon, G. K. K., and Yang, J. B. (2009), Risk evaluation in failure mode and effects analysis using fuzzy weighted geometric mean, Expert Systems with Applications, 36(2), 1195-1207. DOI |
| 28 | Institute of Risk Management (2002), A Risk Management Standard, Institute of Risk Management, London. |
| 29 | von Ahsen, A. (2008), Cost-oriented failure mode and effects analysis, International Journal of Quality and Reliability Management, 25(5), 466-476. DOI |
 |
Korea Institute of Science and Technology Information
Gwahangno, Yuseong-gu, Daejeon, 305-806, Korea TEL : +82-42-869-1752
Copyright (c) 2009 KISTI. All Rights Reserved. For more information mail to
webmaster
