Network Risk Analysis Model for Risk Management
Abstract
In this paper, a risk management framework called NetRAM (Network Risk Analysis Method) has been developed. A key characteristic of NetRAM is that it is heterogeneous, meaning that it integrates different components such as software tools, architectural design methodologies and theoretical models.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
IJCERT Policy:
The published work presented in this paper is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license. This means that the content of this paper can be shared, copied, and redistributed in any medium or format, as long as the original author is properly attributed. Additionally, any derivative works based on this paper must also be licensed under the same terms. This licensing agreement allows for broad dissemination and use of the work while maintaining the author's rights and recognition.
By submitting this paper to IJCERT, the author(s) agree to these licensing terms and confirm that the work is original and does not infringe on any third-party copyright or intellectual property rights.