|
[1]ICAT Matabase, At http://icat.nist.gov/ [2]Nessus, At http://www.nessus.org/ [3]Snort, At http://www.snort.org/ [4]BlackICE, At http://www.iss.net/ [5]P. A. Porras, M.W. Fong, and A. Valdes. "A mission-impact based approach to INFOSEC alarm correlation", Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, Oct. 2002 [6]National Institute of Standards and Technology Special Publication 800-30, "Risk Management Guide for Information Technology Systems" (NIST SP 800-30), 2001 [7]CORAS, At http://www2.nr.no/coras/ [8]OCTAVESM (Operationally Critical Threat, Asset, and Vulnerability EvaluationSM), http://www.cert.org/octave/ [9]US Department of Commerce/National Bureau of Standards, "Guidelines For Automatic Data Processing Physical Security and Risk Management", 1974. [10]US Department of Commerce/National Institute of Standards and Technology, "'Guideline for the Analysis of Local Area Network Security", 1994. [11]US General Accounting Office, "Information Security Risk Assessment: Practices of Leading Organizations", 1999. [12]E.H. Mamdani and N. Baaklini, "Prescriptive method for deriving control policy in a fuzzy-logic controller", Electronics Letters, Vol. 11, pp. 625, 626. Dec. 1975 [13]T.P. Hong and J.B. Chen, "Finding relevant attributes and membership functions", Fuzz Sets and Systems, volume 103 p.389-404, 1999 [14]R. Ramakrishnan and C.J.M. Rao, "The fuzzy weighted additive rule", Fuzz Sets and Systems, volume 46 p.177-187, 1992
|