Advanced search
Publication Cover
Journal of Management Information Systems Volume 22, 2006 - Issue 4
Journal homepage
632
Views
121
CrossRef citations to date
0
Altmetric
Original Article

An Information Systems Security Risk Assessment Model Under the Dempster-Shafer Theory of Belief Functions

LILI SUN Rutgers Business School
,
RAJENDRA P. SRIVASTAVA University of Kansas
&
THEODORE J. MOCK University of Southern California (USC) and Maastricht University, the Netherlands
Pages 109-142 | Published online: 08 Dec 2014
 
Sample our Information Science journals, sign in here to start your FREE access for 14 days

Abstract

This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related countermeasures, and their interrelationships when estimating ISS risk. Second, the methodology employs the belief function definition of risk--that is, ISS risk is the plausibility of ISS failures. The proposed approach has other appealing features, such as facilitating cost- benefit analyses to help promote efficient ISS risk management. The paper elaborates the theoretical concepts and provides operational guidance for implementing the method. The method is illustrated using a hypothetical example from the perspective of management and a real-world example from the perspective of external assurance providers. Sensitivity analyses are performed to evaluate the impact of important parameters on the model's results.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related Research Data

The combination of evidence
Source: Wiley
Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments
Source: Springer Science and Business Media LLC
Big Data and Analytics in the Modern Audit Engagement: Research Needs
Source: American Accounting Association
Hacker Behavior, Network Effects, and the Security Software Market
Source: Informa UK Limited
An Exposure to Risk Perspective
Source: Association for Computing Machinery (ACM)
Which phish get caught? An exploratory study of individuals′ susceptibility to phishing
Source: Informa UK Limited
A. Dutta and R. Roy: Dynamics of Organizational Information Security
Source: Wiley
Belief functions in business decisions
Source: Physica-Verlag HD
The economic cost of publicly announced information security breaches: empirical evidence from the stock market
Source: IOS Press
Using Belief Functions to Forecast Demand for Mobile Satellite Services
Source: Physica-Verlag HD
Belief Functions and the Possible Worlds Paradigm
Source: Oxford University Press (OUP)
Incorporating FAIR into Bayesian Network for Numerical Assessment of Loss Event Frequencies of Smart Grid Cyber Threats
Source: Springer
Retail Bank Services Strategy: A Model of Traditional, Electronic, and Mixed Distribution Choices
Source: Informa UK Limited
Preventive and deterrent controls for software piracy
Source: Informa UK Limited
Password security: an empirical study
Source: M.E. Sharpe. Inc.
The Influence of Risk Factors in Decision-Making Process for Open Source Software Adoption
Source: World Scientific Pub Co Pte Lt
The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers
Source: Informa UK Limited
Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization
Source: MDPI AG
An Analytical Model for External Auditor Evaluation
Source: Wiley
Decision-making in cloud computing environments: A cost and risk based approach
Source: Springer Science and Business Media LLC
КЛАСИФІКАТОР КІБЕРЗАГРОЗ ІНФОРМАЦІЙНИХ РЕСУРСІВ АВТОМАТИЗОВАНИХ БАНКІВСЬКИХ СИСТЕМ
Source: Borys Grinchenko Kyiv University
Assessing IT availability risks in smart factory networks
Source: Heidelberg: Springer
Axioms for probability and belief-function propagation
Source: Elsevier
Business continuity-inspired fuzzy risk assessment framework for hospital information systems
Source: Informa UK Limited
The Security Hole in WAP: An Analysis of the Network and Business Rationales Underlying a Failure
Source: Informa UK Limited
The Impact of Customer Trust and Perception of Security Control on the Acceptance of Electronic Commerce
Source: Informa UK Limited
Decision analysis using belief functions
Source: Published by Elsevier Inc.
Evidential reasoning for WebTrust assurance services
Source: Informa UK Limited
Risk analysis for information technology
Source: Informa UK Limited
A belief-function based decision support system
Source: Elsevier
Integration Of Geophysical And Geological Data Using Evidential Belief Function
Source: Institute of Electrical and Electronics Engineers (IEEE)
An Overview of the Design and Analysis of Simulation Experiments for Sensitivity Analysis
Source: Elsevier BV
MODELING FINANCIAL PORTFOLIOS USING BELIEF FUNCTIONS
Source: Physica-Verlag HD
The Development of a Model for Information Systems Security Success
Source: IGI Global
Applications of Belief Functions in Business Decisions: A Review
Source: Springer Science and Business Media LLC
The combination of evidence in the transferable belief model
Source: Institute of Electrical and Electronics Engineers (IEEE)
A Modified TOPSIS Method Based onDNumbers and Its Applications in Human Resources Selection
Source: Hindawi Publishing Corporation
Constructing the Pignistic Probability Function in a Context of Uncertainty
Source: Elsevier
Perspectives on the theory and practice of belief functions
Source: Published by Elsevier Inc.

Linking provided by 

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.