IS

Sun, Lili

Research Interests (4)

List of Topics (4)

Topic Weight Topic Terms
0.307 approach analysis application approaches new used paper methodology simulation traditional techniques systems process based using
0.136 risk risks management associated managing financial appropriate losses expected future literature reduce loss approach alternative
0.114 systems information management development presented function article discussed model personnel general organization described presents finally
0.100 theory theories theoretical paper new understanding work practical explain empirical contribution phenomenon literature second implications

Coauthor Network

Focal Researcher     Coauthors of Focal Researcher (1st degree)     Coauthors of Coauthors (2nd degree)

Note: click on a node to go to a researcher's profile page. Drag a node to reallocate. Number on the edge is the number of co-authorships.

List of Coauthors (2)

Mock, Theodore J. 1 Srivastava, Rajendra P. 1

Article Keywords (6)

belief function theory 1 cost-benefit analysis 1 evidential reasoning 1 information systems security 1
risk analysis 1 sensitivity analysis 1

Articles (1)

An Information Systems Security Risk Assessment Model Under the Dempster-Shafer Theory of Belief Functions. (Journal of Management Information Systems, 2006)
Authors: Abstract:
    This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related countermeasures, and their interrelationships when estimating ISS risk. Second, the methodology employs the belief function definition of risk—that is, ISS risk is the plausibility of ISS failures. The proposed approach has other appealing features, such as facilitating cost-benefit analyses to help promote efficient ISS risk management. The paper elaborates the theoretical concepts and provides operational guidance for implementing the method. The method is illustrated using a hypothetical example from the perspective of management and a real-world example from the perspective of external assurance providers. Sensitivity analyses are performed to evaluate the impact of important parameters on the model's results.