Report
Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology
About:
The article was published on 2002-01-01. It has received 1100 citations to date. The article focuses on the topics: Risk management & Risk assessment.
Citations
Journal Article
Mobile cloud computing
TL;DR: This paper provides an extensive survey of mobile cloud computing research, highlighting the specific concerns in mobile cloud computing, presents a taxonomy based on the key issues in this area, and discusses the different approaches taken to tackle these issues.
Journal Article
Cyber–Physical System Security for the Electric Power Grid
TL;DR: The significance of cyber infrastructure security in conjunction with power application security to prevent, mitigate, and tolerate cyber attacks is highlighted and a layered approach is introduced to evaluating risk based on the security of both the physical power applications and the supporting cyber infrastructure.
Journal Article
Cyber-Physical Systems Security—A Survey
TL;DR: In this paper, the authors study and systematize existing research on CPS security under a unified framework, which consists of three orthogonal coordinates: 1) from the security perspective, they follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; 2) from CPS components, they focus on cyber, physical, and cyber-physical components.
Book
Guidelines on Security and Privacy in Public Cloud Computing
Wayne Jansen, Timothy Grance +1 more
TL;DR: This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.
Journal Article
Dynamic Security Risk Management Using Bayesian Attack Graphs
TL;DR: This paper proposes a risk management framework using Bayesian networks that enable a system administrator to quantify the chances of network compromise at various levels and shows how to use this information to develop a security mitigation and management plan.
References
Report
Generally Accepted Principles and Practices for Securing Information Technology Systems
Marianne Swanson, Barbara Guttman +1 more
TL;DR: In this paper, the authors provide a baseline that organizations can use to establish and review their IT security programs and give a foundation that organizations can reference when conducting multi-organizational business as well as internal business.
Report
Security Self-Assessment Guide for Information Technology Systems
TL;DR: This guide provides guidance on applying the Federal IT Security Assessment Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning, and provides control objectives and techniques that can be measured for each area.
Report
Sample Statement of Work for Federal Computer Security Services: For use In-House or Contracting Out
Dennis Gilbert, Nickilyn Lynch +1 more
TL;DR: This document supports the operational field with a set of Statements of Work (SOWs) describing significant computer security activities and can foster easier access to more consistent, high-quality computer security services.