Julie J.C.H. Ryan, Daniel J. Ryan, "Performance Metrics for Information Security Risk Management," IEEE Security & Privacy, vol. 6, no. 5, pp. 38-44, September/October, 2008.
BibTeX:
@article{ 10.1109/MSP.2008.125,
  author = {Julie J.C.H. Ryan and Daniel J. Ryan},
  title = {Performance Metrics for Information Security Risk Management},
  journal = {IEEE Security & Privacy},
  volume = {6},
  number = {5},
  issn = {1540-7993},
  year = {2008},
  pages = {38-44},
  doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2008.125},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
RefWorks Procite/RefMan/Endnote:
TY - MGZN
JO - IEEE Security & Privacy
TI - Performance Metrics for Information Security Risk Management
IS - 5
SN - 1540-7993
SP - 38
EP - 44
EPD - 38-44
A1 - Julie J.C.H. Ryan
A1 - Daniel J. Ryan
PY - 2008
KW - risk management
KW - information security
KW - security and protection
KW - security metrics
VL - 6
JA - IEEE Security & Privacy
ER -
1. T. DeMarco, Controlling Software Projects: Management, Measurement & Estimation, Yourdon Press, 1982, p. 3.
2. J.J.C.H. Ryan and T.I. Jefferson, "The Use, Misuse, and Abuse of Statistics in Information Security Research," Managing Technology in a Dynamic World: Proc. 2003 Am. Soc. for Eng. Management Conf., 2003, pp. 644–653.
3. W. Ozier, "Risk Metrics Needed for IT Security," ITAudit, vol. 6, 1 Apr. 2003; www.theiia.org/itauditindex.cfm?fuseaction=forum&fid=5396.
4. A. Jaquith, Security Metrics: Replacing Fear, Uncertainty and Doubt, Addison-Wesley, 2007.
5. D.S. Herrmann, Complete Guide to Security and Privacy Metrics, Auerbach Publications, 2007.
6. L.A. Gordon and M.P. Loeb, "The Economics of Information Security Investment," ACM Trans. Information and System Security, vol. 5, no. 4, Nov. 2002, pp. 438–457.
7. J.D. Kalbfleisch and R.L. Prentice, The Statistical Analysis of Failure-Time Data, 2nd ed., Wiley, 2002.
8. J.M. Lachin, Biostatistical Methods: The Assessment of Relative Risks, John Wiley & Sons, 2000, pp. 5–31.
9. J.J.C.H. Ryan and D. Ryan, "Proportional Hazards in Information Security," Risk Analysis, vol. 25, no. 1, 2005, pp. 139–147.
10. T.M. Therneau and P.M. Grambsch, Modeling Survival Data: Extending the Cox Model, Springer, 2000.
11. D. Collett, Modelling Survival Data in Medical Research, 2nd ed., Chapman & Hall/CRC, 2003, pp. 45–47.
12. N. Mantel and W. Haenszel, "Statistical Aspects of the Analysis of Data from Retrospective Studies of Disease," J. Nat'l Cancer Inst., vol. 22, 1959, pp. 719–748.
13. J. Cornfield, "A Method of Estimating Comparative Rates from Clinical Data: Applications to Cancer of the Lung, Breast, and Cervix," J. Nat'l Cancer Inst., vol. 11, 1951, pp. 1269–1275.
14. J. Cornfield, "A Statistical Problem Arising from Retrospective Studies," Proc. 3rd Berkeley Symp. Mathematical Statistical Probability, 1956, pp. 135–148.
15. C.J. Clopper and E.S. Pearson, "The Use of Confidence or Fiducial Limits Illustrated in the Case of the Binomial," Biometrika, vol. 26, Dec. 1934, pp. 404–413.
16. M. Swanson et al., Security Metrics Guide for Information Technology Systems: Special Publication 800-55, US Nat'l Inst. of Standards and Technology, July 2003, pp. 1–12.
1. National Defense Authorization Act for Fiscal Year 1996, Public Law No. 104–106, sections D and E, US Statutes at Large, 1996.
2. Omnibus Consolidated Appropriations Act, Public Law No. 104–208, US Statutes at Large, 1997.
3. Government Performance and Results Act, Public Law No. 103-62, US Statutes at Large, 1993.
4. E-Government Act, Public Law No. 107–347, Title III, US Statutes at Large, 2002.
5. M. Swanson et al., Security Metrics Guide for Information Technology Systems: Special Publication 800-55, US Nat'l Inst. of Standards and Technology, July 2003, pp. 1–12.

