Information Handling in Security Solution Decisions

  • Conference paper

Abstract

A security solution (SS) is a mechanism, process or procedure that handles security problems for an organization. Decision makers are responsible for choosing and implementing the SS for their organizations. In reaching a decision, the handling of information plays a very important role. Decision makers collect information in both explicit and implicit form, then make their decision based on trusting or distrusting the collected information. Neither the way they collect information nor the way they use it is well structured. Sometimes they do know how to collect information, but they do not collect and analyze it in a structured way while making their security solution decisions (SSDs). Very often they collect information as knowledge, experience, and recommendation, in both forms (explicit and implicit). This paper focuses on SSDs and in particular on how information is gathered and used in such decision processes. It also examines trust, and how trust can reflect the status of a given piece of information based on knowledge, experience, and recommendation. The paper reports a survey investigating how decision makers (experienced and inexperienced survey participants) use empirical data (explicit information) and their own knowledge and experience (implicit information) to deal with SSDs. The survey further studies the effect of implicit information on the answers provided by the experienced participants and observes that the variation in the answers of the experienced participants is larger than that in the answers of the inexperienced participants.

Acknowledgment

This work is carried out as part of the VRIEND (Valuebased security Risk Mitigation in Enterprise Networks that are Decentralized) project funded by Sentinels, a joint initiative of the Dutch Ministry of Economic Affairs, the Netherlands Organization for Scientific Research Governing Board (NOW-AB) and the Technology Foundation STW, and supported by Philips Electronics, AkzoNobel, Corus, DSM and Hoffmann Strategic Risk Management. I would like to thank Prof. Louise Yngström, Information and Communication System Security, Department of Computer and System Sciences, Royal Institute of Technology (KTH), Stockholm, Sweden and Dr. Siv Hilde Houmb, Information Systems Group, University of Twente, Enschede, Netherlands for their support and fruitful discussions.

Author information

Correspondence to Md. Abdul Based.

Copyright information

© 2010 Springer Science+Business Media B.V.

About this paper

Cite this paper

Abdul Based, M. (2010). Information Handling in Security Solution Decisions. In: Sobh, T. (eds) Innovations and Advances in Computer Sciences and Engineering. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-3658-2_67

  • DOI: https://doi.org/10.1007/978-90-481-3658-2_67

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-90-481-3657-5

  • Online ISBN: 978-90-481-3658-2

  • eBook Packages: Engineering (R0)