Author

Bilge Karabacak

Bio: Bilge Karabacak is an academic researcher from Middle East Technical University. The author has contributed to research in topics: Critical infrastructure protection & Information security management. The author has an h-index of 6, co-authored 12 publications receiving 357 citations. Previous affiliations of Bilge Karabacak include Scientific and Technological Research Council of Turkey & Franklin University.

Papers
Journal ArticleDOI
TL;DR: A survey based quantitative approach is proposed to analyze security risks of information technologies by taking current necessities into consideration and it is shown that ISRAM yields consistent results in a reasonable time period.

254 citations

Journal ArticleDOI
TL;DR: A quantitative survey method is proposed for evaluating ISO 17799 compliance and it is shown that the survey method gives accurate compliance results in a short time with minimized cost.

37 citations

Journal ArticleDOI
TL;DR: In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations.

31 citations

Journal ArticleDOI
TL;DR: The results are realistic and intuitively appealing, demonstrating that the maturity model is useful for evaluating the national critical infrastructure protection preparedness of developing countries such as Turkey.

29 citations

Proceedings Article
25 Jun 2012
TL;DR: A hierarchy based asset valuation method is proposed that is intended to minimize the common mistakes that were done during Information Security Management Projects and can ease the processes and reduce the number of errors.
Abstract: The widespread use of information technology transforms businesses continuously and rapidly. Information technology introduces new threats to organizations as well. Risk analysis is an important tool in order to make correct decisions and to deal with cyber threats. Identification and valuation of assets is a crucial process that must be performed in risk analyses. Without properly identified and valued assets, the results of risk analyses lead to wrong decisions. Wrong decisions on information security may directly affect corresponding business processes. There are some finished and applied methods in literature for asset identification and valuation; however these methods are complicated and are not suitable for practical information security management projects. In this paper, a hierarchy based asset valuation method is proposed. Our method is intended to minimize the common mistakes that were done during Information Security Management Projects. The application of the method has not been performed yet; however it is thought that it can ease the processes and reduce the number of errors.

18 citations


Cited by
Journal ArticleDOI
TL;DR: This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems and suggests an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems.

440 citations

Journal ArticleDOI
TL;DR: An MCDM model combining VIKOR, DEMATEL, and ANP is proposed to solve the problem of conflicting criteria that show dependence and feedback and the results show that the proposed method can be effective in helping IT managers validate the effectiveness of their risk controls.

277 citations

Journal ArticleDOI
TL;DR: A risk analysis applied on a smart home automation system developed in a research project involving leading industrial actors has been conducted and it is concluded that security and privacy should be integrated in the design phase.

219 citations

Proceedings ArticleDOI
08 Sep 2009
TL;DR: This paper critically surveys previous work on quantitative representation and analysis of security with respect to security perspective, target of quantification, underlying assumptions and type of validation.
Abstract: This paper critically surveys previous work on quantitative representation and analysis of security. Such quantified security has been presented as a general approach to precisely assess and control security. We classify a significant part of the work between 1981 and 2008 with respect to security perspective, target of quantification, underlying assumptions and type of validation. The result shows how the validity of most methods is still strikingly unclear. Despite applying a number of techniques from fields such as computer science, economics and reliability theory to the problem, it is unclear what valid results exist with respect to operational security. Quantified security is thus a weak hypothesis because of a lack of validation and comparison between such methods against empirical data. Furthermore, many assumptions in formal treatments are not empirically well-supported in operational security and have been adopted from other fields. A number of risks are present with depending on quantitative methods with limited or no validation.

193 citations

Journal ArticleDOI
TL;DR: A security risk analysis model (SRAM) is proposed, which enables organizations to establish proactive security risk management plans for information systems, which is validated via a case study.

153 citations