Information security and risk management

Cited by: 41
Authors
Bodin, Lawrence D. [1 ]
Gordon, Lawrence A. [1 ,2 ]
Loeb, Martin P. [2 ]
Affiliations
[1] Univ Maryland, Robert H Smith Sch Business, College Pk, MD 20742 USA
[2] Univ Maryland, Inst Adv Comp Studies, College Pk, MD 20742 USA
Keywords
DOI
10.1145/1330311.1330325
CLC number
TP3 [Computing technology; computer technology];
Discipline code
0812;
Abstract
This paper discusses several measures that each capture a different aspect of information security risk and proposes a methodology that allows decision makers to combine them into a single composite metric, the perceived composite risk (PCR). The Analytic Hierarchy Process (AHP) is recommended for determining the weighting factors needed to combine the risk measures into the PCR. One measure, the expected loss, is calculated by summing the product of each possible loss with its respective probability and is conceptually equivalent to the Annual Loss Expectancy (ALE) measure. Another measure, the expected severe loss, focuses on the breaches that would put the survivability of the organization at risk and is calculated by summing the product of each loss that is greater than or equal to a specified threshold loss with its respective probability. A third measure, the standard deviation of loss, represents the dispersion of losses around the expected loss.
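The three measures named in the abstract, and their combination into a PCR with AHP-derived weights, as an added worked example (not code from the paper or its authors). The loss scenarios, the pairwise-comparison matrix, the severe-loss threshold, the geometric-mean approximation of the AHP priority vector, and the weighted-sum form of the PCR are all assumptions made for illustration; the paper itself does not fix these details.

```python
"""Expected loss, expected severe loss and standard deviation of loss over a
constructed loss distribution, combined into a perceived composite risk (PCR)
using weights derived from an AHP pairwise-comparison matrix.

Added example; scenario values, the comparison matrix, the severe-loss
threshold and the weighted-sum PCR are assumptions, not the paper's data."""
from math import sqrt
from typing import Dict, List, Sequence, Tuple

# Constructed annual loss scenarios for one asset: (loss in USD, probability).
# Probabilities do not sum to 1; the remainder is the zero-loss outcome.
SCENARIOS: Sequence[Tuple[float, float]] = (
    (10_000.0, 0.20),      # minor breach
    (100_000.0, 0.05),     # significant breach
    (2_000_000.0, 0.01),   # catastrophic breach
)
SEVERE_THRESHOLD = 100_000.0  # assumed survivability threshold

# Constructed AHP pairwise comparisons of the three criteria, in the order
# (expected loss, expected severe loss, standard deviation). a[i][j] > 1 means
# criterion i is judged more important than criterion j.
COMPARISON: List[List[float]] = [
    [1.0, 1 / 3, 2.0],
    [3.0, 1.0, 5.0],
    [0.5, 0.2, 1.0],
]
RANDOM_INDEX_N3 = 0.58  # Saaty's random consistency index for n = 3


def expected_loss(scenarios: Sequence[Tuple[float, float]]) -> float:
    """Sum of loss x probability; conceptually the ALE."""
    return sum(loss * p for loss, p in scenarios)


def expected_severe_loss(scenarios: Sequence[Tuple[float, float]],
                         threshold: float) -> float:
    """Same sum restricted to losses at or above the threshold."""
    return sum(loss * p for loss, p in scenarios if loss >= threshold)


def loss_std_dev(scenarios: Sequence[Tuple[float, float]]) -> float:
    """Dispersion around the expected loss, counting the implicit zero-loss outcome."""
    total_p = sum(p for _, p in scenarios)
    if total_p > 1.0:
        raise ValueError("scenario probabilities exceed 1")
    mu = expected_loss(scenarios)
    variance = sum(p * (loss - mu) ** 2 for loss, p in scenarios)
    variance += (1.0 - total_p) * mu ** 2      # zero-loss outcome
    return sqrt(variance)


def ahp_weights(matrix: Sequence[Sequence[float]]) -> List[float]:
    """Priority vector via the normalised row geometric mean (AHP approximation)."""
    n = len(matrix)
    geo = []
    for row in matrix:
        prod = 1.0
        for a in row:
            prod *= a
        geo.append(prod ** (1.0 / n))
    total = sum(geo)
    return [g / total for g in geo]


def consistency_ratio(matrix: Sequence[Sequence[float]],
                      weights: Sequence[float]) -> float:
    """CR = (lambda_max - n) / (n - 1) / RI; below 0.1 is conventionally acceptable."""
    n = len(matrix)
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX_N3


def perceived_composite_risk(scenarios: Sequence[Tuple[float, float]],
                             threshold: float,
                             matrix: Sequence[Sequence[float]]) -> Dict[str, float]:
    """Assumed PCR: weighted sum of the three measures with AHP weights."""
    el = expected_loss(scenarios)
    esl = expected_severe_loss(scenarios, threshold)
    sd = loss_std_dev(scenarios)
    w = ahp_weights(matrix)
    return {
        "expected_loss": el,
        "expected_severe_loss": esl,
        "std_dev": sd,
        "weights": w,
        "consistency_ratio": consistency_ratio(matrix, w),
        "pcr": w[0] * el + w[1] * esl + w[2] * sd,
    }


if __name__ == "__main__":
    for key, value in perceived_composite_risk(SCENARIOS, SEVERE_THRESHOLD, COMPARISON).items():
        print(f"{key}: {value}")
```

With the constructed scenarios the expected loss is 27,000, the expected severe loss 25,000 and the standard deviation about 199,477; the AHP matrix weights the severe-loss criterion most heavily (about 0.65) and has a consistency ratio well under 0.1, so its judgements are usable. Because all three measures here are in currency units, the weighted sum is meaningful; if a measure on another scale were added, it would need normalising before combination.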
Pages: 64 / 68
Page count: 5
Related papers
50 items in total
  • [1] The Information Security Risk Management
    Semin, Valeriy G.
    Shmakova, Elena G.
    Los, Lexei B.
    [J]. PROCEEDINGS OF THE 2017 INTERNATIONAL CONFERENCE QUALITY MANAGEMENT,TRANSPORT AND INFORMATION SECURITY, INFORMATION TECHNOLOGIES (IT&QM&IS), 2017, : 106 - 109
  • [2] Security through Information Risk Management
    Johnson, M. Eric
    Goetz, Eric
    Pfleeger, Shari Lawrence
    [J]. IEEE SECURITY & PRIVACY, 2009, 7 (03) : 45 - 52
  • [3] The Quantification Management of Information Security Risk
    Lao, Guoling
    Wang, Liping
    [J]. 2008 4TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-31, 2008, : 10377 - 10380
  • [4] Enterprise Risk Management and Information Systems Security Risk
    Olson, David L.
    Wu, Desheng
    [J]. PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON RISK MANAGEMENT & GLOBAL E-BUSINESS, VOLS I AND II, 2009, : 1 - 5
  • [5] Information security risk assessment model for risk management
    Wawrzyniak, Dariusz
    [J]. TRUST, PRIVACY, AND SECURITY IN DIGITAL BUSINESS, PROCEEDINGS, 2006, 4083 : 21 - 30
  • [6] The Case for improvisation in information Security Risk Management
    Njenga, Kennedy
    Brown, Irwin
    [J]. E-GOVERNMENT, E-SERVICES AND GLOBAL PROCESSES, 2010, 334 : 220 - +
  • [7] A Dependency analysis for Information Security and Risk Management
    Krishna, B. Chaitanya
    Subrahmanyam, Kodukula
    Kim, Tai-hoon
    [J]. INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2015, 9 (08): 205 - 210
  • [8] Performance metrics for information security risk management
    Ryan, Julie J. C. H.
    Ryan, Daniel J.
    [J]. IEEE SECURITY & PRIVACY, 2008, 6 (05) : 38 - 44
  • [9] Information technology, security and risk management (paperback)
    Fitz-Gerald, S.
    [J]. JOURNAL OF THE OPERATIONAL RESEARCH SOCIETY, 2008, 59 (08) : 1146 - 1147
  • [10] INFORMATION SECURITY ASPECT OF OPERATIONAL RISK MANAGEMENT
    Zawila-Niedzwiecki, Janusz
    Byczkowski, Maciej
    [J]. FOUNDATIONS OF MANAGEMENT, 2009, 1 (02) : 45 - 60