Information Technology Reference
In-Depth Information
5. Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed
Systems. John Wiley & Sons, Inc., first edition (2001)
6. Anderson, R.: Security in Open versus Closed Systems - The Dance of Boltzmann,
CoaseandMoore,Conf.onOpenSourceSoftwareEconomics,Toulouse(France)(2002)
7. Anton, P.S., Anderson, R.H., Mesic, R., Scheiern, M.: Finding and fixing vul-
nerabilities in information systems: the vulnerability assessment and mitigation
methodology, MR-1601, Rand Corporation (2003)
8. Arbaugh, W.A., Fithen, W.L., McHugh, J.: Windows of Vulnerability: A Case
Study Analysis, IEEE Computer (2000) 52-59
9. Arora, A., Telang, R., Xu, H.: Optimal Policy for Software Vulnerability Disclosure.
Workshop on Economics of Information Security, University of Minnesota (2004)
10. Beattie, S., Arnold, S., Cowan, C., et al.: Timing the Application of Security Patches
for Optimal Uptime. 16th USENIX Sys. Administration Conf. (LISA 2002) (2002)
11. Burke, D.A.: Towards a game theory model of information warfare, Master Thesis,
Air Force Institute of Technology (1999)
12. Carini, B.: Dynamics and Equilibria of Information Security Investments, Work-
shop on Economics of Information Security, University of California, Berkley (2002)
13. Deraison,R.:TheNessusAttackScriptingLanguageReferenceGuide,www.nessus.org
14. Frey, B.S., Luechinger, S., Stulzer, A.: Calculating Tragedy: Assessing the Cost of
Terrorism,Inst. for Empirical Research in Economics, University of Zurich (2004)
15. Gordon, L.A., Loeb, M.P.: The Economics of Information Security Investment,
ACM Trans. on Information and System Security, Vol. 5. No. 4 (2002) 438-457
16. Hamilton, S.N., Miller, W.L., Ott, A., Saydjari, O.S.: The Role of Game Theory in
Information Warfare. 4th Information Survivability Workshop, Vancouver, B.C.,
Canada (2002)
17. Hoo, K.S.: How Much Is Enough? A Risk Management Approach to Computer
Security, Ph.D. Thesis, Standford University (2000)
18. Kannan, K., Telang, R.: An Economic Analysis of Market for Software Vulnerabilities.
Workshop on Economics of Information Security, University of Minnesota (2004)
19. Krsul, I.V.: Software Vulnerability Analysis, Ph.D. Thesis, Purdue University (1998)
20. Major, J.A.: Advanced Techniques for Modelling Terrorism Risk. Journal of Risk
Finance, Fall (2002)
21. Mercer, L.C.: Fraud detection via regression analysis. Computers & Security, Vol. 9,
no. 4 (1990)
22. Owen, G.: Game Theory, Academic Press, 1995, Third Edition (1995)
23. Rescorla, E.: Is Finding Security Holes a Good Idea?, Workshop on Economics of
Information Security, University of Minnesota (2004)
24. Schechter, S.E.: Quantitatively differentiating system security. Workshop on Eco-
nomics of Information Security, University of California, Berkley (2002)
25. Schechter, S.E.: Computer Security Strength & Risk: A Quantitative Approach,
Ph.D. thesis, Harvard University (2004)
26. Schneier, B.: Full disclosure and the window of vulnerability, Crypto-Gram
http://www.counterpane.com/crypto-gram-0009.html (2000)
27. Schneier, B.: Closing the Window of Exposure: Reflections on the Future of Secu-
rity, Securityfocus.com. http://www.securityfocus.com (2000)
28. Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information
technology systems, NIST, Special Publication 800-30 (2001)
29. Schudel, G., Wood, B.: Adversary work factor as a metric for information assurance,
Workshop on New security paradigms, Ballycotton, County Cork, Ireland (2000)
23-30
