Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities
Date
2013-05-01
Author
Karabey, Bugra
Baykal, Nazife
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Quantitative and qualitative approaches exist for analysing and mitigating information security risks, but the most critical shortcoming of these methods is that their outcome mainly addresses the needs and priorities of the technical community rather than those of management. Enterprise management requires this information as a decision-making aid for asset allocation and the prioritization of mitigation efforts, so ideally the outcome of an information security risk method must be in synchronization with the enterprise objectives to act as a useful decision tool for management. In addition, attack trees are frequently utilized in modelling the threat domain. However, attack tree modelling is costly in terms of effort and time, and it has inherent scalability issues. This article outlines our design-science research based work on an information security risk assessment method that addresses these two issues of enterprise objective inclusion and model scalability.
Subject Keywords
Enterprise information security, Enterprise modelling, Risk assessment, Risk assessment method, Resource based view, Attack trees, Risk management
URI
https://hdl.handle.net/11511/52819
Journal
INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY
Collections
Graduate School of Informatics, Article
Suggestions
Optimal portfolio strategies under various risk measures
Meral, Alev; Uğur, Ömür; Department of Financial Mathematics (2013)
In this thesis, we search for optimal portfolio strategies in the presence of various risk measure that are common in financial applications. Particularly, we deal with the static optimization problem with respect to Value at Risk, Expected Loss and Expected Utility Loss measures. To do so, under the Black-Scholes model for the financial market, Martingale method is applied to give closed-form solutions for the optimal terminal wealths, then via representation problem the optimal portfolio strategies are ac...
ASSESSMENT OF SUPPLIER RISK FOR COPPER PROCUREMENT
Buzdogan-Lindenmayr, Ezgi; Kara, Guray; Kestel, Sevtap Ayşe (2019-01-01)
Procurement risk management (PRM) requires a good understanding and assessment of all potential risks. As the procurement industry mostly functions globally and the supply-demand chain forms a dependency structure among all interested parties, the quantification of risks related to the suppliers gain importance. This study presents a systematic PRM to evaluate and quantify the risks of a commodity associated to its suppliers. The probabilistic set up using total probability theorem on the information collec...
Stability advances in robust portfolio optimization under parallelepiped uncertainty
Kara, Guray; Ozmen, Ayse; Weber, Gerhard Wilhelm (2019-03-01)
In financial markets with high uncertainties, the trade-off between maximizing expected return and minimizing the risk is one of the main challenges in modeling and decision making. Since investors mostly shape their invested amounts towards certain assets and their risk aversion level according to their returns, scientists and practitioners have done studies on that subject since the beginning of the stock markets' establishment. In this study, we model a Robust Optimization problem based on data. We found...
Enterprise resource planning systems selection process
Kenaroğlu, Bahar; Erdil, Erkan; Department of Science and Technology Policy Studies (2004)
In this study, a research is developed to establish a comprehensive framework for ERP systems selection process and provide guidance for better ERP systems selection and evaluation by investigating all the aspects of the selection process. The research is conducted through a comprehensive study prior to key information systems journals, conferences, overall enterprise information systems materials in electronic databases, and also in practitioner journals. As a result, the study is able to present a compreh...
A risk management approach for acquisition of software intensive systems in the Turkish Army.
Saylan, Necip; Demirös, Elif; Demirös, Onur; Department of Information Systems (2002)
The current techniques of risk assessment rely on checklists and human expertise. This constitutes a rigorous approach only when the people are experts on risk assessment. This thesis introduces a formal method and addresses the necessity of the identification and analysis of the risk. During implementation of risk management process, risk assessment will be discussed within an acquisition of software intensive systems in the Turkish Army. This thesis includes a survey and comparison of other software risk ...
Citation Formats
B. Karabey and N. Baykal, “Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities,” INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY, pp. 297–304, 2013, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/52819.