Information Security Risk Management: In Which Security Solutions Is It Worth Investing?

Cited by: 0
Authors
Fenz, Stefan [1 ]
Ekelhart, Andreas [2 ]
Neubauer, Thomas [3 ]
Affiliations
[1] Vienna Univ Technol, Vienna, Austria
[2] SBA Res, Vienna, Austria
[3] Vienna Univ Technol, Inst Software Technol & Interact Syst ISIS, Vienna, Austria
Keywords
risk management; cost benefit analysis; decision support system; expert system;
DOI: none available
CLC classification: TP [Automation technology, computer technology];
Discipline classification: 0812;
Abstract
As companies are increasingly exposed to information security threats, decision makers are constantly required to pay attention to security issues. Information security risk management provides an approach for measuring security through risk assessment, risk mitigation, and risk evaluation. Although a variety of approaches have been proposed, decision makers lack well-founded techniques that (1) show them what they are getting for their investment, (2) show them whether their investment is efficient, and (3) do not demand in-depth knowledge of the IT security domain. This article defines a methodology for management decision makers that effectively addresses these problems. The work covers the conception, design, and implementation of the methodology in a software solution. The results of two qualitative case studies show the advantages of this methodology in comparison with established methodologies.
Pages: 329 / 356
Page count: 28