Performance Metrics for Information Security Risk Management

  • Authors: Julie J. C. H. Ryan; Daniel J. Ryan
  • Affiliations: George Washington University; National Defense University
  • Venue: IEEE Security and Privacy
  • Year: 2008

Abstract

Qualitative methods are available for risk management, but better practice would use quantitative risk management based on expected losses and related metrics. Measuring the success of information security investments is best accomplished by measuring reductions in expected loss.